1. Introduction
This Policy applies to Helix Access LLC (referred to as ‘Helix Access’, ‘we’, ‘our’, ‘us’) with registered address at First Avenue, Tauranga, Tauranga, 3110, New Zealand extends to and covers all operations and functions of Helix Access’.
All third parties (including clients, suppliers, sub-contractors, or agents) that have access to or use personal information collected and held by Helix must abide by this Privacy Policy. Helix Access makes this Policy available free of charge.
This Policy outlines Helix Access obligations to manage and protect personal information. Helix is bound by New Zealand Financial Privacy Freedom of Information Act 2003 (‘Privacy Act’), and where applicable, the EU General Data Protection Regulation (GDPR). This Policy also outlines Helix Access practices, procedures and systems that ensure compliance with the Privacy Act, and where applicable, the GDPR.
Where the GDPR applies to your personal information, we will be the responsible controller for any personal information you provide to us in connection with your relationship with us.
In this Privacy Policy:
- ‘Credit information’ is personal information (other than sensitive information) that relates to an individual’s credit history or credit worthiness, and is further defined in the Privacy Act;
- ‘Disclosing’ information means providing information to persons outside Helix Access;
- ‘Individual’ means any persons whose personal information we collect, use or disclose;
- ‘Personal information’ means information or an opinion relating to an individual, which can be used to identify that individual;
- ‘Privacy Officer’ means the contact person within Helix Access for questions or complaints regarding Helix Access’ handling of personal information;
- ‘Sensitive information’ is personal information that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information; and
- ‘Use’ of information means use of information within Helix Access.
2. What kind of personal information do we collect and hold?
We collect and hold the following kinds of personal information about individuals:
- name;
- address;
- contact details;
- employment details;
- trading history;
- identification information (such as passport, utility bills or drivers’ licences) required to be collected and verified in accordance with the Anti-Money Laundering and Counter Terrorism Financing Act 2006;
3. How we collect personal information
We generally collect personal information directly from the individual. For example, when an individual submits an account application form online, visits our website, calls us or sends us correspondence we will collect personal information. Sometimes we may collect personal information about the individual from a third party. When we are provided with personal information from a third party, we will take reasonable steps to ensure that the individual is or has been made aware of the matters set out in this Privacy Policy. We may also collect credit information about an individual from credit reporting bodies to assist us in assessing an individual’s application to open an account.
Helix Access will not collect sensitive information unless the individual has consented or an exemption under the Privacy Act applies. These exceptions include if the collection is required or authorised by law or is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
If the personal information we request is not provided by an individual, we may not be able to provide the individual with the benefit of our services, or meet their needs appropriately.
Helix Access does not give individuals the option of dealing with them anonymously, or under a pseudonym, as Helix Access is required to identify all trading clients under the New Zealand Anti-Money Laundering and Terrorist Financing Regulations 2014, as amended. In addition, it is impracticable for Helix Access to deal with individuals who have no identified themselves or us a pseudonym.
Where your personal information is being collected under the GDPR, Helix Access will also take reasonable steps to make you aware of:
whether we are required to collect your personal information under a contractual relationship or to comply with our legal or regulatory obligations, or if we are collecting your personal information based on your consent and your right to withdraw your consent at any time; your data subject rights under the GDPR (please see section “Access to Personal Information” below);
your right to lodge a complaint with the relevant data protection supervisory authority; and
if we intend to use automated decision making, including profiling to process your personal information, and a description of the automated decision making process and consequences.
4. Unsolicited personal information
Helix Access may receive unsolicited personal information about individuals. Helix employees are required to notify the Privacy Officer of all unsolicited personal information received by them. We destroy all unsolicited personal information, unless the personal information is relevant to Helix’ purposes for collecting personal information.
5. About whom do we collect personal information?
The personal information we may collect and hold includes (but is not limited to) personal information about the following individuals:
- clients;
- potential clients;
- introducing brokers, affiliates and money managers;
- service providers or suppliers;
- prospective employees, employees and contractors; and
- other third parties with whom we come into contact.
If necessary, we will also collect information about individuals such as:
- trustees;
- partners of legal partnerships;
- company directors and officeholders;
- agents nominated by the individual; and
- other third parties dealing with us on a ‘one-off’ basis.
6. Why does HALLC collect and hold personal information?
We may collect and hold the information about an individual for the following purposes:
- to consider and assess an individual’s application to open a trading account;
- assist Helix Accss in establishing and managing the individual’s trading account;
- to notify individuals of margin calls;
- to provide an individual with information about our services, market trends or special offers;
- to protect our business and other clients from fraudulent or unlawful activity;
- to conduct our business and perform other management and administration tasks;
- to consider any concerns or complaints an individual may have;
- to manage any legal actions involving Helix Access;
- to comply with relevant laws, regulations and other legal obligations; and
- to help us improve the products and services offered to our clients, and to enhance our overall business.
7. How might we use and disclose personal information?
Helix Access may use and disclose personal information for the primary purposes for which it is collected (set out in section 6 above), for reasonably expected secondary purposes which are related to the primary purpose and in other circumstances authorised by the Privacy Act.
Helix Acess will use your personal information for any of the following purposes:
planning, performing, managing and administering your (or a third party’s to whom you are related) contractual business relationship with us, e.g. providing support services or providing you with other services or things you may have requested;
maintaining and protecting the security of our products, services and websites or other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
ensuring compliance with our legal and regulatory obligations. This may include sales record keeping obligations for tax or other purposes and sending required notices or other disclosures, compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws or to prevent white-collar or money laundering crimes). In this context we may be required to conduct automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and to contact you to confirm your identity in case of a potential match, to record interaction with you which may be relevant for antitrust purposes and to report to or support investigations by competent supervisory, law enforcement or other public authorities;
solving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims.
where you have expressly given us your consent or otherwise legally permitted, we may process your personal data also for the following purposes:
communicating with you through the channels you have approved to keep you up to date on the latest announcements, special offers and other information about Helix products, technologies and services (including marketing-related newsletters) as well as events and projects which we are pursuing.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or permitted by law.
We engage other people to perform services for us, which may involve that person handling personal information we hold. In these situations, we prohibit that person from using personal information about the individual except for the specific purpose for which we supply it. We prohibit that person from using the individual’s information for the purposes of direct marketing their products or services.
Helix Access will attempt to destroy or de-identify sensitive information wherever possible. We also undertake to take reasonable steps to destroy or de-identify all personal information about an individual when it is no longer needed.
8. To whom might we disclose this personal information?
We may disclose personal information to:
- a related entity of FP Markets;
- an agent, contractor or service provider we engage to carry out our functions and activities, such as our lawyers, accountants, debt collectors or marketing agencies;
- organisations involved in a transfer or sale of all or part of our assets or business;
- organisations involved in managing payments, including payment merchants and other financial institutions such as banks;
- regulatory bodies, government agencies, law enforcement bodies and courts;
- liquidity providers;
- trade repositories;
- the individual’s introducing broker, co-account holder or other authorised agent; and
- anyone else to whom the individual authorises us to disclose it or is required by law.
- Where we are processing your personal information under the GDPR, we will process your personal information to the parties listed above, and the purposes for use listed above because:
- it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into such a contract;
- it is necessary for our or a third party’s legitimate interests, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. Our “legitimate interests” include our commercial interests in operating our business in a professional, sustainable manner, in accordance with all relevant legal and regulatory requirements (and bearing in mind our global presence);
- it is necessary to protect your or another person’s vital interests;
- it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our clients);
- for our compliance with our legal obligations; and
-
where we have obtained your specific or, where necessary, explicit consent to do so. We will in each case inform you about the processing of your data and your related rights prior to obtaining your consent.
The legal bases for processing of your personal information are set forth in Article 6 of the GDPR.
As a general principle, you will provide us with your personal data entirely voluntarily; there are generally no detrimental effects on you if you choose not to consent or to provide personal data. However, there are circumstances in which Helix Access cannot take action without certain of your personal data, for example because this personal data is required to process your orders, provide you with access to a web offering or newsletter or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for Helix Access to provide you with what you request without the relevant personal data.
9. Sending information overseas
We are likely to disclose personal information to an individual’s introducing broker. It is impracticable to specify the countries in which these introducing brokers may be located, as this depends on the introducing broker the individual chooses to use. If an individual is unsure of the location of their introducing broker, they should contact their introducing broker or Helix Access for further information. We also use cloud data storage providers, and the servers which store individuals’ personal information are located in a secured server.
10. Management of personal information
Helix Access recognises how important the security of personal information is to our clients. We will at all times seek to ensure that the personal information we collect and hold is protected from inference, misuse or loss, unauthorised access, modification or disclosure. Helix Access’ employees must respect the confidentiality of the personal information we collect. We hold all of your personal information in secure computer storage facilities and in paper-based files. In relation to our computer storage facilities, we apply the following guidelines:
- passwords are routinely checked;
- we change employees’ access capabilities when they are assigned to a new position;
- employees have restricted access to certain sections of the system;
- the system automatically logs and reviews all external unauthorised access attempts;
- the system automatically limits the amount of personal information appearing on any one screen;
- unauthorised employees are barred from updating and editing personal information;
- all personal computers which contain personal information are secured, physically and electronically;
- data is encrypted during transmission over external networks; and
- print reporting of data containing personal information is limited.
We will hold your personal information as long as required to provide you with the products or services, products or information you have requested and to execute and administer your business relationship with us. We are also required to keep certain information (e.g. relating to business or tax relevant transactions) for certain retention periods under applicable law. Your personal information will be promptly deleted when it is no longer required for these purposes.
11. Direct Marketing
- We may use third party service providers to assist us to promote our products and services to individuals. Helix Access does not use personal information for the purposes of direct marketing unless:
- the personal information does not include sensitive information; and
- the individual would reasonably expect us to use or disclose the information for the purpose of direct marketing; and we provide a simple way of opting out of direct marketing; and
- the individual has not requested to opt out of receiving direct marketing from us.
- If the individual would not reasonably expect us to use or disclose the information for the purpose of direct marketing, we may only use or disclose that information for direct marketing if the individual has consented to the use or disclosure of the information for direct marketing or it is impracticable to obtain that consent.
- In relation to sensitive information, Helix Access may only use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose. Individuals have the right to request to opt out of direct marketing and we must give effect to the request within a reasonable period of time.
- Individuals may also request that Helix Access provides them with the source of their information. If such a request is made, Helix Access must notify the individual of the source of the information free of charge within a reasonable period of time.
- If your personal information is being processed under the GDPR, where your permission is required for any marketing-related communication, we will only provide you with such information if you have opted in. You may opt out at any time if you do not want to receive any further marketing-related types of communication from us.
12. Identifiers
We will not use identifiers assigned by the New Zealand Authorities, such as a tax file number, Medicare number or provider number, for our own file recording purposes, unless any exemption as per the Privacy Act applies. Helix Access endeavours to avoid data-matching.
13. How do we keep personal information accurate and up to date?
Helix Access is committed to ensuring that the personal information it collects, holds, uses and discloses is relevant, accurate, complete and up-to-date. We encourage individuals to contact us to update any personal information we hold about them. If we correct information that has previously been disclosed to another entity, we will notify the other entity within a reasonable period of the correction. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless the individual agrees otherwise. We do not charge individuals for correcting the information.
14. Access to personal information
Subject to the exceptions set out in the Privacy Act, individuals may gain access to the personal information that we hold about them by contacting the Helix Access Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide the information, we will provide reasons for the refusal. An individual’s request for access to his or her personal information will be dealt with by allowing the individual to look at his or her personal information at the offices of Helix Access, or by providing copies of the information requested. We will require identity verification and specification of the information required. An administrative fee for search and photocopying costs may be charged for providing access.