b) Who is collecting data
Onyx Group consists of the following entities:
- Onyx Commodities Limited with company number 03948550, ICO registration ZB182874 and business address 95 Cromwell Road, Second Floor London, SW7 4DL
- Onyx Capital Advisory Limited with company number 11472304, ICO registration ZA568423 and business address 95 Cromwell Road, Second Floor London, SW7 4DL
- Flux Financial Limited with company number 13409640, ICO registration ZB182886 and business address 95 Cromwell Road, Second Floor London, SW7 4DL
All Onyx Group subsidiaries are separate Data Controllers of personal data and are therefore independently registered with the Information Commissioner’s Office (“ICO”). All personal data is processed and stored independently of other Onyx Data Controllers. Please note that personal data is not shared between these entities without your explicit consent.
c) What data is being collected
The information we collect from you will vary depending on which Onyx entity you deal with. Examples of personal information we may process are:
- contact information including your name, telephone number, e-mail address
- identity information including your date of birth, address, ID number, photograph, employer, job title
- financial information necessary for bank payments such as bank details
- records of any conversations with you by telephone, e-mail or otherwise
When you visit our site, we may also automatically collect information for internal operations such as troubleshooting, data analysis, testing, research, statistical purposes and to keep our site safe and secure. Examples are:
- technical information, including the Internet Protocol (“IP”) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- information about your visit, including the full Uniform Resource Locators (“URL”) clickstream to, through and from our site (including date and time)
- products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page
d) Why data is being collected
We will only process your personal data when we have specific purpose and lawful reasons to do so. We may process your personal data on one or more of the following legal grounds:
- to comply with any legal and regulatory obligations
- to carry out our obligations arising from any terms entered into with you because it is necessary for the performance of our services
- where processing is necessary for the purpose of our legitimate interests (provided these interests are not overridden by your own rights or interests)
- to inform you of changes to our services
The provision of data is discretionary however a lack of data can be an impediment to the exchange of information necessary for the above purposes.
We also collect your data so we can provide you with additional information regarding services you have already purchased or enquired about. We may also inform you about services we offer that we believe you have an interest in and would benefit your business.
You have the right to opt out at any time if you do not want to receive further marketing-related communications from us.
e) How we collect data
We collect the majority of personal data through direct correspondence with you or your organisation, by email, telephone and via information request forms, account related documents and terms. As above, some data is collected through website traffic.
f) How data is processed and stored
Personal data is processed both manually and electronically in accordance with the above-mentioned purposes. Each Data Controller has its own CRM system and our employees are only able to access your data if they have a need for it. All employees are appropriately designated and trained to process data.
We take all reasonable steps to ensure that the information we hold is accurate however please contact us and ask for its correction if you feel any information is inaccurate or incomplete.
Your personal data will be deleted when it is no longer reasonably required for the aforementioned purposes or when we are not legally required or otherwise permitted to continue storing such data. When assessing what retention period is appropriate, we will consider, amongst other things, the requirements of our business, the purposes for which we collected the data, our regulatory requirements, and the legal basis for processing.
We have in place procedures to deal with any suspected data security breach and will notify you and the ICO (or any other relevant regulator) where we are legally required to do so.
g) With whom data can be shared
We may disclose your personal data with authorised service providers who perform services for us (including background checks, trade monitoring/reporting, professional advisory services, cloud services, data storage, payment processing, customer support and billing). Our contracts with our service providers include commitments that they agree to limit their use of personal data to our specific instructions and to comply with privacy and security standards.
Without prejudice to any communications made to comply with legal or contractual obligations, data may also be disclosed to external parties as required by laws or regulations (e.g. court, tribunal, Regulatory Authority or Governmental Entity).
When we share your information with contracted third party companies we remain responsible for your data and we take all reasonable steps to ensure that your information and privacy are protected in line with the applicable legal obligations.
h) Your rights
You have the right to:
- request a copy of your data in a structured, commonly used and machine-readable format
- request from us access to and rectification or erasure of your data
- restrict or object to us processing your data
- the right to have your personal data transmitted directly from a controller to another, where technically feasible
- lodge a complaint against us if you have a concern about our handling of your data
Please contact us on the below details to action any of these requests. We will consider any requests or complaints and will respond in a timely manner. If you are not satisfied with our response, you may take your complaint to the ICO (www.ico.org.uk). The ICO can be contacted via their hotline: 0303 123 1113 or through the concerns section of their website: https://ico.org.uk/concerns/.
Please note we reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data, and for any additional copies of the personal data you request from us. Any other applicable conditions to these rights will be advised upon at the time of your request.
If you have any questions or concerns about this policy, please contact our Data Protection Officer by emailing: firstname.lastname@example.org