Privacy Policy
1.Introduction
1.1. COMMOT CO., LTD. or any affiliate of COMMOT CO., LTD. (referred to herein as "COMMOT CO., LTD.") may process Client personal data to optimize the provision of services and allow access to requested products.
1.2. Data processing means collection, recording, arrangement, storage, alteration, disclosing, consultation, extraction, use, transmission, cross-use, transferring or granting access to third parties, interconnecting, closure, deletion or destruction of data, or several of the aforementioned operations, regardless of the manner in which they are performed, or the means used.
1.3. This Privacy Policy applies to all personal data that COMMOT CO., LTD. processes through its website as well as any other affiliated websites and applications. This Policy also applies to personal data collected during correspondence held with us by any means (email, telephone or otherwise) or any personal information collected during the provision of services.
1.4. This Policy outlines the type of data COMMOT CO., LTD. processes and means of collection, the use/storage of the data, basis for processing and sharing data with third parties, retention period and data privacy rights of the Client.
1.5. By opening an account with COMMOT CO., LTD., the Client hereby gives consent to the collection, processing, storage and use of personal data as explained below.
2.Type of Means of Data Collection
2.1. COMMOT CO., LTD. may collect in databases any publicly available data or any data voluntarily submitted by data subjects. Only data necessary for the provision of service to clients and/or for the performance of operations requested by clients may be requested.
2.2. The type of personal data COMMOT CO., LTD. may collect includes, among others, the name, address, ID/passport, place and date of birth, gender, phone number, email address of the Client, any other data obtained for validation of application or use of services, as well as any information collected during the course of the relationship that does not directly relate to the provision of services.
2.3. Personal data may be collected automatically when the Client visits the website and may include IP address, device type, identification number, browser type, geographic location, and any other information automatically stored when accessing our database.
2.4. Data may also be collected if provided voluntarily by the Client when completing application forms, sending them by post or email, or providing information by telephone or email. This may include personal details, contact information, financial data, or any other data processed as part of the course of business.
3.Use and Storage of Data
3.1. COMMOT CO., LTD. shall collect and process client data to the extent necessary for specified objectives (provision of services), and in a manner designed for the specific purpose. Unnecessary data shall be deleted or destroyed promptly. Use of data in any other manner than previously agreed is permitted only with consent of the data subject or on conditions specified by law.
3.2. COMMOT CO., LTD. shall compile a list and documentation of means used in data processing and shall keep records of processing. The list may include equipment and software details and related documentation references.
3.3. Persons engaged in processing data shall process data only for authorized purposes under established conditions and according to instructions/orders received, and shall maintain confidentiality of non-public data. Confidentiality obligations continue after termination of employment or service relationship with COMMOT CO., LTD.
3.4. Unauthorized processing of data (including recording, alteration, deletion, reading, copying, transmission, unauthorized transportation of records, and any other unauthorized use not prescribed by official duties) is prohibited.
3.5. Adequate security measures, including encryption if necessary, shall be implemented for data transmission and transport of records.
3.6. Every user of the database shall be issued personal means of authentication. Access passwords for electronic databases shall be changed at least once per quarter. Means of automatic password entry are prohibited. Users shall not have access to data beyond their authorized duties.
3.7. COMMOT CO., LTD. shall implement measures to ensure each data processing operation leaves an audit trace identifying operator, type and time of operation, including relevant details regarding recording, alteration, deletion, access, and transmission. A possibility for restoring data content before modifications shall be available.
3.8. Managers or employees of COMMOT CO., LTD. may rely on justified expectations that submitted data are correct and shall periodically verify accuracy by requesting data subjects to check and correct/confirm details.
3.9. Incomplete or incorrect data known to managers/employees shall be closed and promptly corrected/supplemented. Upon request of a data subject, incorrect data may be corrected, and incorrect data shall be stored with correct data and a note indicating the period in which incorrect data were used.
3.10. If data accuracy is disputed, data in question shall be closed until confirmed. Third parties who provided or received the data shall be promptly notified of corrections where technically feasible and not disproportionately costly.
3.11. Managers and employees shall register and preserve data/documents associated with provision of services, including documents setting rights/obligations, service conditions, details of services and transactions, and communications with clients sufficient to provide an overview of COMMOT CO., LTD. actions in service provision.
4.Basis for Processing Personal Information and Sharing with Third Parties
4.1. COMMOT CO., LTD. may process personal data where it has the Client consent, for contract conclusion/performance, to comply with legal obligations, or where such action is in COMMOT CO., LTD. legitimate interest.
4.2. Information may be shared with affiliates where reasonably required to provide products or services to the Client.
4.3. COMMOT CO., LTD. does not sell, license, lease, or otherwise disclose client personal information to third parties, except as described in this Policy.
4.4. COMMOT CO., LTD. reserves the right to disclose personal information to third parties where required by law, regulatory, or other government authorities.
4.5. COMMOT CO., LTD. may disclose information to credit reporting or collection agencies as reasonably required in order to provide services to the company and/or clients.
4.6. COMMOT CO., LTD. may engage third parties to carry out internal functions such as account processing, fulfillment, client service, client satisfaction surveys, or other data collection activities relevant to business. Use of shared information is strictly limited to those purposes.
4.7. COMMOT CO., LTD. is not responsible for privacy policies/content of linked sites and has no control over use or protection of information provided or collected there. Information provided on linked/co-branded sites is governed by the third-party policy.
5.Data Retention
5.1. COMMOT CO., LTD. will retain personal data as long as necessary for the purposes set out in this Policy unless otherwise required by law.
5.2. Client agreements and/or service provision conditions shall be preserved for at least as long as the contractual or other legal relationship continues, unless a longer term is specified by law.
5.3. Data retention is subject to periodic review.
6.Rights of the Data Subject
6.1. The Client may withdraw consent for processing personal data at any time; in that case COMMOT CO., LTD. shall cease processing to the corresponding extent.
6.2. Every person has the right to access data concerning themselves, obtain a copy, and rectify inaccurate information, unless restricted by law. Decisions on granting/withholding access and issuing copies are made by the executive manager of COMMOT CO., LTD.
6.3. Every person has the right to request that COMMOT CO., LTD. stop processing their data. In such cases, provision of certain services/features may not be possible.
6.4. Upon request, COMMOT CO., LTD. shall notify the data subject of available data, sources, purpose of processing, and third parties/categories of third parties authorized for data transmission, unless restricted by law. Data shall be issued using the method requested, where possible, within five business days of receiving the request.
6.5. In cases specified by law, data shall be released to third parties with statutory rights. In other cases, release requires data subject consent.
6.6. Authorized persons may review, on-site in COMMOT CO., LTD., documents on establishment of databases and other documents pertaining to databases.
7.Data Deletion
7.1. The Client may delete personal data at any time by following instructions:
- Client side: Profile -> Security -> Delete Account.
- Server side: clear all records.
Privacy and Data Protection Policy
1. How do we store personal information and for how long?
We hold personal information in a combination of secure computer storage facilities and paper-based files and other records, and take steps to protect it from misuse, loss, unauthorized access, modification, or disclosure.
When personal information is no longer needed, identifying details are removed or records are securely destroyed.
We may need to maintain records for significant periods due to investment services and anti-money laundering laws, including identity verification evidence, sources of income and wealth, transaction monitoring, communication records, order and trade history, complaint handling, and records demonstrating compliance. These records may be retained for five years after relationship end, or longer if required by regulators.
Personal data provided during account opening registration, where registration was not completed or application was rejected, may be retained for six months unless regulation requires longer retention.
If you opt out of marketing, your details may be held on a suppression list.
Data may be transferred to and stored outside the European Economic Area (EEA), and processed by staff or suppliers/affiliates operating outside the EEA. Reasonable steps are taken to ensure secure treatment in accordance with this Policy.
For transfers outside the EEA, applicable safeguards may include standard contractual clauses, binding corporate rules, the EU-US Privacy Shield, or equivalent arrangements. To request a copy of such arrangements, contact us using the details below.
2. Your rights
Please note these rights do not apply in all circumstances. You may be entitled to:
- Request access to your personal data.
- Request correction of personal data we hold about you.
- Request erasure of your personal data, subject to legal exceptions that may be notified to you at the time of your request.
- Object to processing based on legitimate interests (including direct marketing), subject to overriding legitimate grounds where applicable.
- Request restriction of processing in specific scenarios, such as accuracy disputes, unlawful use objections, legal claims, or pending verification of overriding grounds.
- Request transfer of your personal data in a structured, commonly used, machine-readable format (for automated information where applicable).
- Withdraw consent at any time where processing relies on consent.
Submit personal data requests by email from your registered email address to: [email protected]. Erasure requests can also be submitted through your online portal.
We aim to respond within one month. Complex or multiple requests may take longer, in which case you will be notified within one month and kept updated.
A reasonable fee may apply to manifestly unfounded, excessive, repetitive requests, or requests for further copies of the same data. We may also refuse such requests where permitted.
3. Notification of Breaches
In the event of unauthorized breaches or intrusions into our systems that may affect personal data security, we will notify you as soon as practically feasible and take necessary measures to avoid similar future occurrences.
4. Contact us
If you have questions about this Privacy and Data Protection Policy or how personal information is processed/used in connection with our software applications or websites, please contact us. Your request should include your name and other information needed for identification and proper processing of the request.
Back to Documents