FxPro Privacy Policy and Data Protection

FxPro processes personal information of Nigerian clients in line with applicable data protection rules, including the Nigeria Data Protection Regulation (NDPR). Personal data typically includes identification details, contact information, financial data, verification documents and records of trading activity. This information is used to create and maintain a trading account, verify identity, meet anti-money laundering and know-your-customer requirements, and process trading and payment operations.

Data is also used to send service notifications, such as changes to account status, platform updates or responses to support requests. Marketing messages may be sent only where the client has given consent, and that consent can be withdrawn through account settings or by contacting support. Information is retained for as long as the account is active and for a period afterwards to meet legal and regulatory duties, particularly in relation to financial records and identity checks.

Personal data is stored on protected servers with technical and organizational measures aimed at limiting unauthorized access or disclosure. Access inside the organization is restricted to staff who need specific information to perform assigned tasks and who are subject to confidentiality requirements. FxPro may share data with third parties that support service delivery, such as payment providers or technology partners, but only under contracts that require proper data protection. Transfers of data outside Nigeria are made with safeguards intended to keep protection at a level consistent with Nigerian standards.

Under Nigerian law, clients have rights to access, correct and in some situations delete personal information, and may object to certain processing activities, including marketing. Requests to exercise these rights can be sent through the account interface or via the support channels listed in the client area. In practice, FxPro generally responds within 30 days, with more time taken only for complex requests.

FxPro collects several categories of personal data from Nigerian clients:

• Basic identity details such as full name and date of birth
• Contact details including email address, phone number and residential address
• Verification documents such as government-issued identification and proof of address
• Financial information related to deposits, withdrawals and account balances
• Trading activity data, including orders, executions and positions
• Technical and usage information like IP address, device and browser type, and login timestamps

In addition, cookies and similar technologies are used on the platform to remember user preferences, support security functions and analyse how the service is used. Cookie settings can be adjusted in the browser, although restricting some cookies may reduce platform functionality.

*Marketing use applies only where the client has given consent.

Personal data reaches FxPro through several channels linked to the normal use of the service:

• During account registration, when the client provides basic personal and contact information
• During verification, when copies of identification and address documents are uploaded
• During trading, when orders, trades and account changes are recorded
• During payments, when details required to process deposits and withdrawals are entered
• During platform access, when technical data such as IP address and device identifiers are captured

Sensitive payment card details are generally handled by external payment processors on secure platforms rather than stored directly inside FxPro systems. Information produced by cookies and similar tools is collected automatically when a client browses or uses the trading interface.

Personal information is stored for the lifetime of the trading account and for a number of years afterwards, in line with regulatory expectations for financial services. Transaction records, financial statements and verification documents are typically kept for six years from the date of receipt or from account closure, depending on which date is later. This makes it possible to respond to audits, address complaints and meet legal retention requirements.

Data resides on secure servers with encryption used for data transmission, such as secure socket layer (SSL) protocols. Firewalls, access controls and regular security assessments are applied to reduce the risk of unauthorized access, alteration or loss. Only authorized personnel with a business need can view specific data sets, and internal policies require them to handle information confidentially.

Nigerian clients benefit from several rights over personal data held by FxPro:

• Right of access: to obtain confirmation that data is being processed and receive a copy
• Right to rectification: to correct incomplete or inaccurate information
• Right to erasure in defined situations, subject to legal retention duties
• Right to object to certain processing, particularly direct marketing
• Right to withdraw consent where consent is the legal basis for processing

To use these rights, a client can submit a request from the account dashboard or via the standard support channels. FxPro typically answers within 30 days, although intricate or large-scale requests may require additional time. Fees for such requests are not usually charged unless the request is clearly unfounded or repeated excessively.

FxPro does not sell client personal data. Information may, however, be shared with certain third parties when necessary for service delivery or compliance:

• Payment processors and banks, to complete deposits and withdrawals
• Technology and infrastructure providers, to operate and maintain the platform
• Regulatory authorities and law enforcement, where disclosure is legally required or linked to fraud and financial crime prevention

Third-party providers are engaged under contractual terms that limit the use of data to agreed purposes and require appropriate safeguards. When information is transferred to locations outside Nigeria, measures are implemented so that the level of protection remains consistent with Nigerian data protection principles.

Security is addressed at both technical and organizational levels. FxPro uses features such as two-factor authentication to add an extra step to account access. Security audits and vulnerability assessments are carried out to identify and manage potential weaknesses, and staff receive ongoing training on data protection responsibilities.

Despite these precautions, no infrastructure can be completely free from incidents. If a data breach occurs that could affect client rights or privacy, FxPro will notify impacted clients and the relevant Nigerian authorities as required by law. Notifications include available information about the nature of the incident, the categories of data involved and the immediate and longer-term steps being taken in response.

Clients who wish to clarify how their information is treated or who intend to exercise a privacy right can use the contact options provided in the secure client area. The privacy policy and internal practices are reviewed regularly to reflect changes in regulation, technology and business operations, so clients are encouraged to revisit policy texts periodically for updates.