Privacy Policy

General Provisions and Scope

Exness (India) Ltd operates under the Data Protection Act 2018 and India General Data Protection Regulation frameworks. The privacy policy establishes guidelines for collecting, processing, and protecting personal information of clients. These regulations apply to all operations conducted through Exness platforms and services. The policy covers interactions through website access, communication channels, and trading activities. Implementation extends to all branches and representative offices within the India jurisdiction. The document supersedes previous privacy agreements and associated forms. Regular updates maintain compliance with evolving data protection standards. The policy underwent its latest revision in January 2021.

Core Definitions and Terms

Personal data encompasses identifiable information relating to living individuals using Exness services. Processing activities include collection, recording, storage, and transmission of personal data. Data subjects refer to clients, potential clients, and website visitors providing information. Controllers determine processing purposes while processors handle data on behalf of controllers. Consent represents freely given, specific agreement for data processing. Special category data includes sensitive personal information requiring enhanced protection. Regulatory bodies oversee compliance with data protection requirements. Third-party processors operate under strict contractual obligations. Data Categories Overview:

Category	Description
Contact Data	Name, address, phone, email
Financial Data	Account details, income sources
Identity Data	Passport, ID documents
Technical Data	IP address, device information
Trading Data	Transaction history, positions

Operator Rights and Responsibilities

The company maintains responsibility for implementing appropriate security measures. Authorization procedures control access to personal information databases. Regular staff training ensures proper handling of sensitive data. Internal audits verify compliance with established procedures. Documentation of processing activities remains current and accessible. Breach notification protocols activate within mandated timeframes. Response procedures address data subject requests promptly. Technical infrastructure undergoes periodic security assessments.

Data Subject Rights Framework

Individuals maintain rights to access their personal information holdings. Correction requests receive prompt attention and verification. Data portability enables transfer between service providers. Erasure requests undergo evaluation within regulatory constraints. Processing restrictions apply under specified conditions. Objection rights cover direct marketing activities. Automated decision-making requires explicit consent. Withdrawal of consent remains available without prejudice. Protected Rights Include:

Access to personal data copies
Correction of inaccurate information
Data portability requests
Processing restrictions
Marketing communications opt-out
Automated processing objections

Data Processing Principles

Data collection serves specifically identified business purposes. Processing activities maintain proportionality with stated objectives. Accuracy requirements guide information maintenance procedures. Storage limitations align with regulatory retention periods. Security measures protect against unauthorized access. Transparency provides processing visibility to data subjects. Accountability demonstrates compliance with regulatory requirements. International transfers meet adequacy requirements.

Lawful Processing Requirements

Processing occurs under contractual necessity for service provision. Legal obligations require specific data collection activities. Legitimate interests support certain processing operations. Consent provides additional processing authority where required. Special category data receives enhanced protection measures. Criminal record processing follows strict regulatory guidelines. Child data collection requires parental consent verification. Processing limitations apply to non-essential activities. Processing Bases Framework:

Legal Basis	Application
Contract	Account services
Legal Obligation	Regulatory compliance
Legitimate Interest	Security measures
Consent	Marketing activities
Special Category	Enhanced protection

Data Collection and Storage Protocols

Secure systems maintain personal information confidentiality. Encryption protects data during transmission and storage. Access controls restrict information availability to authorized personnel. Retention schedules determine storage duration requirements. Backup systems ensure data recovery capabilities. Disposal procedures protect confidentiality after retention periods. Documentation tracks processing activities comprehensively. Regular reviews assess storage security effectiveness.

Information Transfer Procedures

Third-party transfers require documented agreements and safeguards. International transfers meet adequacy requirements under India GDPR. Service providers undergo security assessment before engagement. Transfer documentation maintains detailed processing records. Recipient obligations include specified security measures. Monitoring ensures ongoing compliance with transfer requirements. Data sharing limitations protect confidential information. Transfer mechanisms receive regular review and updates.

Data Protection Measures

Technical controls protect against unauthorized access attempts. Administrative procedures guide staff handling of information. Physical security measures protect storage locations. Incident response plans address potential breaches. Recovery procedures ensure business continuity. Staff training covers security requirements regularly. Assessment procedures evaluate protection effectiveness. Security updates maintain protective measures currently.

Concluding Policy Elements

Policy updates reflect regulatory and operational changes. Communication procedures notify affected parties of modifications. Implementation responsibility rests with designated personnel. Compliance monitoring ensures ongoing effectiveness. Dispute resolution procedures address privacy concerns. Contact information remains available for inquiries. Documentation requirements support compliance demonstration. Review schedules maintain policy currency.