Risk warning: Trading in CFDs involves a high level of risk. Retail investor accounts lose money when trading CFDs with this provider.

Privacy Policy

This Privacy Notice explains how the Firm collects, uses, shares, retains, and protects the personal data of its clients and prospective clients. It also sets out the rights available to data subjects under Seychelles law and how those rights may be exercised. The Notice applies in addition to the Firm’s Client Agreement and other published policies, including the Cookie Policy and the AML/CFT Policy summary.

This Notice is directed to natural persons who are past, current, or prospective clients of the Firm, and to the authorised representatives, agents, or beneficial owners of legal entities that are or may become clients of the Firm. Where the data subject is a natural person dealing with the Firm on behalf of a legal entity, the references in this Notice to “you” and “your” include both the legal entity and the natural person.

  1. Who We Are and Our Role

    Trade Set Go Ltd (“the Firm”, “we”, “us”, “our”) is a limited liability company incorporated under the laws of the
    Republic of Seychelles with registration number 8438631-1, licensed by the Financial Services Authority of Seychelles as a Securities Dealer under Licence SD249. The Firm acts as data controller in respect of the personal data described in this Notice.
    The Firm is committed to processing personal data lawfully, fairly, transparently, and in accordance with the Data Protection Act 2023 of the Republic of Seychelles (the “DPA”) and the principles set out in Section 4 of the DPA.

  2. Personal Data We Collect

    We collect and process the following categories of personal data in the course of providing our services. The specific data items collected depend on the stage of the relationship and the service provided.

    1. Identification and contact data
      Name; date and place of birth; nationality; residential address; correspondence address; email address; telephone number; tax identification number where applicable; and government-issued identity document numbers (passport, national identity card, driving licence) together with copies of those documents.
    2. Financial and economic data
      Information about your financial circumstances, employment, occupation, education, investment objectives, trading experience, risk tolerance, source of funds, source of wealth, and net worth. This data is collected to assess the appropriateness of our services to you and to comply with our regulatory obligations.
    3. Payment and transaction data
      Bank account details (IBAN, SWIFT, routing identifiers); credit and debit card details (or tokenised equivalents); payment service provider and e-wallet identifiers; transaction history and related data such as transaction amount, currency, timestamp, and counterparty information.
    4. Account, trading, and platform data
      Login credentials; trading account identifiers; trading history including instruments traded, order details, execution times, execution prices, and realised and unrealised profit and loss; account balance, deposit and withdrawal history; positions held; platform activity logs; client portal interactions; and trading platform usage metrics.
    5. Technical and device data
      Internet Protocol (IP) address and IP geolocation; device identifiers including browser fingerprint, device model, operating system, and screen configuration; access logs and connection timestamps; pages viewed; and other technical information necessary to maintain the security and performance of our systems.
    6. AML, CDD, and screening data
      Identity and address verification documents and the results of verification checks; the results of customer due diligence and, where applicable, enhanced due diligence; politically exposed person status; sanctions screening results; adverse media search results; information relating to source of funds and source of wealth; and information regarding any alleged or actual offence or conviction obtained from legitimate sources for AML/CTF purposes.
    7. Communications and support data
      Correspondence with the Firm including emails, chat conversations, telephone call recordings, and any other communication channel made available by the Firm; complaint records; and notes of interactions with our client support, dealing, and compliance teams.
    8. Marketing and consent data
      Marketing preferences, consents given and withdrawn, and responses to marketing communications where you have consented to receive them.
      Some of the data we hold may be sensitive under the DPA (for example, data revealing offences or alleged offences in the context of sanctions screening or adverse media). We process such data only where strictly necessary and on a lawful basis under the DPA.

  3. Why We Process Your Personal Data

    We process personal data on a minimisation principle: we limit the data processed, and the purposes for which it is processed, to what is strictly necessary for legitimate purposes. The purposes are:

    • To establish, perform, and administer the contractual relationship between you and the Firm, including the provision of trading and ancillary services.
    • To open and maintain your trading account and to authenticate your access to our systems.
    • To process deposits, withdrawals, and internal transfers, and to perform reconciliation, settlement, and accounting functions.
    • To assess the appropriateness of the products and services we offer to you, where required by applicable law and regulation.
    • To monitor trading activity and to operate the Firm’s risk management, dealing, and execution functions.
    • To detect, prevent, and investigate fraud, market abuse, money laundering, terrorism financing, and other financial crime, and to perform sanctions and adverse-media screening.
    • To comply with our obligations under the AML/CFT Act 2020, the Beneficial Ownership Act 2020, the Securities Act 2007, as amended, and the Securities (Conduct of Business) Regulations 2008, as amended, FSA licensing conditions, and other applicable law.
    • To handle and respond to complaints, disputes, and requests, and to maintain records of those interactions.
    • To exercise, establish, and defend the Firm’s legal rights, including in connection with judicial or administrative proceedings.
    • To send service communications (account notifications, regulatory disclosures, security alerts) and, where you have consented, marketing communications.
    • To maintain the security, integrity, and availability of our systems, including detection and prevention of unauthorised access and other security incidents.
    • To conduct internal audit, governance, risk management, and operational analytics.

  4. Legal Basis for Processing

    The DPA permits the processing of personal data on one or more of the following legal bases (set out in Section 5 of the DPA). The Firm relies on the basis or bases relevant to the specific processing activity:

        1. Consent. Where you have given consent to the processing of your personal data for one or more specific purposes. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
        2. Performance of a contract. Processing necessary for the performance of the contract between you and the Firm, or to take steps at your request prior to entering into such a contract.
        3. Legal obligation. Processing necessary for compliance with a legal obligation to which the Firm is subject — including obligations under the AML/CFT Act 2020, the Securities Act 2007, and applicable FSA rules.
        4. Vital interests. Processing necessary to protect the vital interests of the data subject or of another natural person.
        5. Public interest. Processing carried out in the context of public interest and within a legal framework supporting that public interest.
        6. Legitimate interests. Processing necessary for the legitimate interests pursued by the Firm or by a third party, where those interests are not overridden by the interests or fundamental rights and freedoms of the data subject. The Firm relies on this basis for, among other things, fraud prevention, security monitoring, internal record-keeping, and certain analytics.
        7. Administration of justice or public function. Processing necessary for the administration of justice, or for a public function in a state of emergency where the processing is conducted for the benefit of the data subject.

  5. Where We Collect Your Data From

    The majority of the personal data we process is provided directly by you, through our website, client portal, mobile applications, email, telephone, chat, or other channels you elect to use.
    We may also lawfully collect personal data about you from:

    • Identity verification service providers and information-aggregation agencies engaged by the Firm to perform CDD and EDD.
    • Sanctions, PEP, and adverse-media screening service providers.
    • Card payment processors, payment service providers, banking partners, and correspondent institutions in connection with deposits and withdrawals.
    • Public sources, including national company registries, sanctions and PEP lists, regulatory and judicial publications, press, media, and the open internet, where such collection is permitted under applicable law.
    • Introducers, affiliates, and other intermediaries through whom you may have been referred to the Firm, where you have consented to such referral.
    • Public authorities and regulators in connection with their lawful enquiries or requests.

  6. Who We Share Your Data With

    We share personal data only where necessary for the purposes set out in this Notice and on the basis of one or more of the legal bases described in Section 4. Recipients of personal data fall into the following categories. We do not name individual recipients in this Notice; the categorical descriptions below are intended to inform you of the types of third parties involved in processing.

    • Group companies. Where applicable, other entities within the Firm’s corporate group that perform support functions on behalf of the Firm under contractual data protection commitments.
    • Regulators and supervisory authorities. The Financial Services Authority of Seychelles; the Information Commission; the Financial Intelligence Unit; tax authorities; courts and tribunals; law enforcement authorities; and other governmental bodies, in each case where we are required or permitted to share information.
    • Financial institutions and payment infrastructure. Banks, correspondent banks, card schemes and acquirers, payment service providers, and e-money institutions, in connection with funding, withdrawal, and settlement of your transactions.
    • Identity verification, AML, and compliance service providers. Third parties engaged by the Firm to perform identity verification, customer due diligence, enhanced due diligence, sanctions and PEP screening, adverse-media screening, and related compliance functions.
    • Trading platform and technology providers. Providers of the Firm’s trading platform infrastructure, client relationship management systems, hosting and cloud-infrastructure providers, cybersecurity vendors, and other technology service providers necessary to deliver our services.
    • Liquidity providers, prime brokers, and execution venues. To the extent necessary to execute, clear, settle, and report your transactions and to manage the Firm’s market exposure.
    • Professional advisers. Legal counsel, auditors, accountants, tax advisers, and consultants engaged by the Firm under professional duties of confidentiality.
    • Customer support, communication, and marketing service providers. Third parties that support our customer support, email and SMS communication, and (where you have consented) marketing functions.

    All third parties to whom we transfer personal data are bound by contractual obligations to process data only on our documented instructions, to apply appropriate technical and organisational security measures, and to respect the confidentiality of the data. Where we transfer data to such third parties as data processors, those processors act on our behalf and we remain accountable for the data.
    We may also disclose personal data where we are required or permitted to do so by law, by court order, or by binding regulatory request; or where we consider disclosure necessary to enforce our policies (including the Client Agreement); to investigate fraud, market abuse, or financial crime; to establish or defend legal claims; or to prevent harm to the rights, property, or safety of the Firm, our clients, or third parties.

  7. International Transfers of Personal Data

    The Firm is based in the Republic of Seychelles. In the ordinary course of our operations, your personal data may be transferred to recipients located outside Seychelles, including for the purposes set out in Section 6 (technology infrastructure, payment processing, regulatory reporting, and similar).
    Cross-border transfers of personal data are carried out in accordance with the DPA. Before transferring personal data outside Seychelles, we ensure that one or more of the following conditions is satisfied:

    • The destination jurisdiction provides an adequate level of data protection as determined by the Information Commission.
    • Appropriate safeguards are in place — including, where appropriate, contractual data protection clauses that impose obligations on the recipient substantially equivalent to those under the DPA.
    • The transfer is necessary for the performance of our contract with you, or for the implementation of pre-contractual measures taken at your request.
    • The transfer is necessary for compliance with a legal obligation, for the establishment, exercise, or defence of legal claims, or to protect the vital interests of the data subject or another natural person.

    In all cases, we take steps to ensure that your personal data continues to receive a level of protection that is substantially similar to that provided under the DPA. Further information about our cross-border transfers is available from the Data Protection Officer on request.

  8. How Long We Retain Your Personal Data

    We retain personal data for as long as is necessary for the purposes for which it was collected, and in any event for the minimum periods required by applicable law.
    In particular:

    • Records relating to client identification, customer due diligence, and transactions are retained for a minimum period of seven (7) years from the date of termination of the business relationship or from the date of completion of the relevant occasional transaction, in accordance with the AML/CFT Act 2020 and FSA-issued guidance.
    • Trading records, order and execution records, and related communications are retained for the period required by the Securities Act 2007 (as amended), the Securities (Conduct of Business) Regulations 2008 (as amended), and applicable FSA rules — currently a minimum of seven (7) years.
    • Records relating to complaints, disputes, regulatory enquiries, and litigation are retained for the duration of any open matter and for a further reasonable period to permit the establishment, exercise, or defence of legal claims.
    • Marketing data is retained for as long as your consent remains valid or until you object to or withdraw from marketing, whichever is earlier.

    An additional retention period of up to one (1) year may be applied where necessary to accommodate regulatory audits, pending investigations, or administrative processes that extend beyond the standard retention period. This extension is consistent with the data minimisation and storage limitation principles of the DPA.

    After the applicable retention period has expired, your personal data will be securely deleted or anonymised so that it can no longer be associated with you. Where data is anonymised, it ceases to be personal data under the DPA and may be retained for statistical, analytical, or historical purposes without further notice to you.

  9. Your Rights

    As a data subject under the DPA, you have the following rights in relation to your personal data. The rights are not absolute and may be limited where another lawful basis (for example, a regulatory obligation) requires us to continue processing or retaining the data.

    • Right to information. You have the right to be informed about the personal data we process about you and the purposes for which we process it.
    • Right of access. You have the right to obtain confirmation that we are processing your personal data and to receive a copy of that data.
    • Right to rectification. You have the right to have inaccurate personal data corrected and incomplete data completed.
    • Right to erasure. You have the right to request the deletion of your personal data in certain circumstances — for example, where the data is no longer necessary, where you withdraw consent that formed the lawful basis, or where the processing is unlawful. Where we are required by law (in particular under AML/CFT and FSA record-keeping rules) to retain your data, this right may be limited.
    • Right to restriction of processing. You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while we verify the accuracy of contested data.
    • Right to data portability. Where we process your data by automated means and on the basis of your consent or the performance of a contract, you have the right to receive that data in a structured, commonly used, machine-readable format and to transmit it to another controller.
    • Right to object. You have the right to object to processing carried out on the basis of our legitimate interests (Section 4(f)) and at any time to processing for direct marketing purposes. We will respect your objection unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
    • Right to object to automated decision-making. As described in Section 9.
    • Right to withdraw consent. Where we process your data on the basis of your consent, you may withdraw that consent at any time.
    • Right to compensation and judicial remedy. Under the DPA, you have the right to bring an action before a court for damage arising from unlawful processing.
    • Right to lodge a complaint. You have the right to lodge a complaint with the Information Commission of Seychelles. Contact details are set out in Section 13.

    To exercise any of these rights, please contact the Data Protection Officer at dpo@tradesetgo.com or in writing to our registered address. We may apply identity-verification measures before responding to ensure that personal data is not disclosed to an unauthorised person.

    We respond to data subject requests without undue delay and, in any event, within one month of receipt. Where the request is complex or where we receive a number of requests from you, we may extend this period by a further two months and will inform you of any extension within the first month.

  10. Security of Your Personal Data

    We implement appropriate technical and organisational security measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include access controls, encryption of data in transit and at rest where appropriate, network and application security controls, monitoring and logging, staff training, vendor due diligence, and incident response procedures.

    In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify the Information Commission and, where required, affected data subjects in accordance with the DPA.

  11. Contact and Complaints

    If you have any question, concern, or complaint about how we handle your personal data, please contact the Firm’s Data Protection Officer in the first instance:

    Data Protection Officer Email: dpo@tradesetgo.com

    Postal address: Arpent Vert Building, Mont Fleuri, Victoria, Mahe Seychelles
    Supervisory authority Information Commission, Seychelles

    Caravelle House, Victoria, Mahé, Seychelles

    Email: info@infocom.sc

    Website: www.infocom.sc

    If, after raising your concern with the Firm, you remain dissatisfied with our response, you have the right to lodge a complaint directly with the Information Commission of Seychelles.

  12. Changes to This Notice

    This Privacy Notice may be updated from time to time. The current version is always available on our website and is identified by the version number and effective date in the document header. Where we make material changes to this Notice, we will notify you in advance through your client portal or by email.

    We recommend that you review this Notice periodically to stay informed of how we process your personal data.