General
This Privacy Policy is issued by CDJ SOCIAL STOCKS LTD ("CDJ", the "Company", "we", "us" or "our") and applies to individuals who are current or potential customers of CDJ or who are acting as authorized representatives of legal entities or individuals who are current or potential customers of CDJ or who are directors or beneficial owners of legal entities that are current or potential customers of CDJ (together, "you", "your"). This Privacy Policy also applies to individuals who have had such a business relationship with CDJ in the past.
This Privacy Policy provides information on the following key areas, among others:
- The categories of personal data that are collected and processed by CDJ and the purposes of such processing;
- The legal basis for the processing of your personal data;
- The recipients or categories of recipients of your personal data;
- The principles relating to the processing of your personal data;
- Your rights under applicable law and an explanation of how these rights may be exercised.
For the purposes of this Policy, "personal data" means any information about you that identifies you, directly or indirectly. Processing" means any operation or set of operations performed on personal data, such as collection, recording, storage, use, disclosure, deletion or destruction.
Who we are ?
CDJ is a licensed investment firm, registered in Cyprus under number HE 427157 and regulated by the Cyprus Securities and Exchange Commission ("CySEC") under license number 428/23.
The address of CDJ's registered office is 32A Stasikratous Street, Office 201, 1065, Nicosia, Chypre.If you have any questions or concerns regarding CDJ's processing of personal data, you may contact us by email at support@goliaths.io or by letter to the office address: 32A Stasikratous Street, Office 201, 1065, Nicosia, Chypre.
Collection of personal data
In order to register for a personal account with CDJ, the following personal data is required from you:
a. Personal information such as your name, date and place of birth, citizenship, nationality, home address, passport/ ID number, FATCA/ CRS information (tax residency, tax identification number), contact details (telephone, email), bank account details, occupation and information on whether you hold/held a prominent public function (for PEPs);
b. Financial information such as your income, source of funds and investment objectives;
c. Documents that verify your identity and residency such as an international passport or national ID and utility bills or bank statements.
We may also collect and process personal data from public sources (e.g. the Department of Registrar of Companies and Official Receiver, the press, the internet) as well as from risk management suites such as the WorldCheck database.
Children's data
CDJ does not provide any services to children, nor processes any personal data in relation to children, where ‘children’ are individuals who are under the age of eighteen (18).
Legal basis for the processing of your personal data
The protection of your privacy and personal information is of great importance to us. Your personal data is processed lawfully, fairly and in a transparent manner on the following bases:
a. For the performance of a contract
The processing of your personal data is necessary for the performance of a contract, namely the trading agreements to which you are party, or in order to take steps at your request prior to entering into a contract. In order to be able to render investment services to you and administer our relationship, we need to collect certain information about your identity, financial background and investment objectives.
b. For compliance with a legal obligation
The processing of your personal data is necessary for compliance with the legal obligations emanating from a number of laws to which CDJ is subject, e.g. the European Markets in Financial Instruments Directive (‘MiFIDII’) and the corresponding Investment Services and Activities and Regulated Markets Law 87(I)/2017 of theRepublic of Cyprus, the European and Cyprus legislation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, the Common Reporting Standard (‘CRS’), the MarketAbuse Regulation (‘MAR’), the European Market Infrastructure Regulation (‘EMIR’), the Foreign Account TaxCompliance Act (FATCA) and the Prevention and Suppression of Money Laundering and Terrorist Financing Law(188(I)/2007). Compliance with these legal obligations requires, inter alia, identity verification procedures and processes, anti-money laundering controls, the retention of personal data for a certain period of time, the disclosure of personal data to the supervisory and other regulatory and public authorities, etc.
c. For the purposes of the legitimate interests pursued by CDJ
The processing of your personal data is necessary for the purposes of the legitimate interests pursued by CDJ, where those interests do not infringe your interests, fundamental rights and freedoms. These legitimate interests include business or commercial interests and examples of relevant processing activities include:preparing our defense in litigation procedures; preventing fraud and money laundering activities; managing business and further developing and marketing of products and services
Your obligation to provide us with your personal data
The provision of your personal data is a requirement necessary to enter into a contract with CDJ and as a client of CDJ you will have statutory and contractual obligation to provide and keep up to date and accurate the personal dataset out in Section 3 of this Privacy Policy. Failure to provide such data will not allow us to commence or continue our business relationship, as compliance with our legal obligations will be deemed impossible.
Recipients or categories of recipients of your personal data
In the course of the performance of our contractual and statutory obligations and for legitimate business purposes, your personal data may be disclosed to:
a. Supervisory and other regulatory and public authorities, upon request or where required. Some examples are the Cyprus Securities and Exchange Commission, the Unit for Combating Money Laundering (‘MOKAS’),criminal prosecution authorities.
b. Auditors, lawyers, consultants and other outside professional advisors of CDJ, subject to confidentiality agreements.
c. Third party processors such as payment services providers, companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support, file storage and records management companies. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions
International transfer of personal data
Your personal data may be transferred to third countries (i.e. countries outside the European Economic Area), to recipients mentioned in paragraph 12 above, in connection with the purposes set out in this Privacy Policy. We may transfer your personal data to countries that may have different laws and data protection compliance requirements; however, processors in third countries are obliged to comply with the European data protection standards when processing your personal data. Where we transfer your personal data to third countries ,we doit on the basis of standard contractual clauses adopted by the European Commission.
Principles relating to the processing of your personal data
We have implemented appropriate technical and organisational measures to ensure appropriate security of your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. We take reasonable steps to ensure that your personal data that we process are accurate and, where necessary, kept up to date. From time to time we may ask you to confirm the accuracy of your personal data. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. We also make sure that all personal data we collect are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Period for which your personal data will be stored
We will keep your personal data for the duration of our business relationship and for five (5) years after the termination of our business relationship, unless otherwise requested by a competent authority, in line with the provisions of the applicable European and Cyprus legislation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, the Markets in Financial Instruments Directive (‘MiFID II’)and the corresponding Investment Services and Activities and Regulated Markets Law of the Republic of Cyprus.We may keep your data for longer if we cannot delete it for legal or regulatory reasons. In particular, the retention of data is not limited in time in the case of pending legal proceedings or an investigation initiated by a public authority, provided that in each case the Company has been informed of the pending legal proceedings or the investigation initiated by a public authority within the retention period described here inabove
Your rights
You have the following rights regarding your personal data we control and process:
- The right to request access to, or copies of, your personal data, together with information regarding the processing of those personal data.
- The right to request rectification of any inaccurate personal data concerning you.
- The right to request, on legitimate grounds and where there is no good reason for us continuing to process it,erasure of your personal data.
- The right to object, on grounds relating to your particular situation, to the processing of your personal data which is based on a legitimate interest pursued by CDJ. We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedom or for the establishment, exercise or defense of legal claims. You also have the right to object where your personal data are processed for direct marketing purposes and we shall stop the processing of your personal data for such purposes
- The right to request restriction of processing of your personal data where one of the following applies:
i. your personal data is not accurate, and we need to stop processing it until we verify it,
ii. your personal data has been used unlawfully,
iii. we no longer need your personal data for the purposes of the processing, but you want us to keep it for use in possible legal claims and
iv. you have already objected to the processing of your personal data and you are waiting for us to confirm if we have legitimate grounds for the processing of your data.
- The right to have your personal data transferred to another controller, to the extent applicable.
- The right to withdraw your consent, where we process your personal data on the basis of your consent. Please note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn by you.
- The right to lodge a complaint regarding the processing of your personal data by us. You can lodge your complaint by completing our complaints form(https://goliaths.io/). If you feel that your concerns have not been adequately addressed by us, you have the right to lodge a complaint with the Office of the Commissioner forPersonal Data Protection of the Republic of Cyprus. You can find information about submitting a complaint on their website (http://www.dataprotection.gov.cy).
Decision-making and profilingThe decision to establish a businessrelationship with you is not based on automated processing of your personal data.We may process some of your data, in order to assess certain personal aspects relating to you (profiling), which willenable us to perform a contract with you, in the following cases:
- Appropriateness assessment: Using the answers you provide through our online questionnaire, we assess theappropriateness of services or products based on your knowledge and experience. In case the Company,based on the results of this appropriateness assessment, decides that services or products are not appropriatefor you, it may refrain from offering such services or products to you
- Suitability assessment: The Company must, when providing the investment service of portfolio management orinvestment advice, obtain the necessary information regarding the client's or potential client's knowledge,experience, financial status, investment objectives and ability to bear losses so as to be able to recommend theservices and productsthat are suitable to the client’s profile. Using the answers you provide through our onlinequestionnaire, our system and CDJ officers assess the suitability of particularservices and productsfor you.
- Monitoring of clients’ accounts and transactions: The information received during the onboarding process iscompared with your actual trading activity, deposits and withdrawals. Data assessments, including transactionmonitoring, are carried out in the context of combating money laundering and fraud.
Changes to this Privacy Policy
At any time,the Companymay amend this Privacy Policy. You will be notified about material changes, however you areencouraged to review this Privacy Policy periodically, so as to be always informed about how we are processing andprotecting your personal data.
CookiesA cookie is a small piece of information stored on your computer or mobile device by a website you visit.Cookies help you navigate our website efficiently and allow us to understand visitor trends. To find out more abouthow we use cookies, please check our Cookie Policy.