Effective date:
Last updated:
Contents:
1. Who We Are (Data Controller) and Scope
2. What Personal Data We Collect
3. Purposes and Legal Bases for Processing
4. Who We Share Personal Data With (Recipients) and Third Parties
6. Retention (How Long We Keep Personal Data)
7. Your Rights and How to Exercise Them
7A. Children
This Privacy Notice explains how IAFT LTD, registered at 6 Vasili Vryonides Street, Gala Court Chambers, 5th Floor, Offices 501–502, Office O, 3095 Limassol, Cyprus (the “Company”, “we”, “us”, “our”), processes personal data when you access or use TradersUnion.com and any of its subdomains, pages, applications, or services operated by the Company (the “Website”).
For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the UK GDPR, the Company acts as the data controller for personal data processed through the Website, unless otherwise expressly stated.
This Notice applies to:
(a) Website visitors;
(b) registered users and account holders;
(c) individuals who subscribe to newsletters or receive communications from us; and
(d) individuals who use rewards/rebate/cashback features and related account-linking and withdrawal functionality (where available).
Contact (privacy/compliance): compliance@tradersunion.com
Support: support@tradersunion.com
Where we rely on consent (for example, for non-essential cookies and similar technologies), you may withdraw your consent at any time via cookie settings or other available controls.
Definitions (for the purposes of this Notice)
“Third-Party Provider” means any broker, exchange, trading platform, advertiser, affiliate partner, or other third party referenced, reviewed, compared, or linked to on the Website (as aligned with the Terms of Use and the Advertiser & Affiliate Disclosure).
“User-Generated Content” or “UGC” means any content submitted by users on the Website, including reviews, ratings, comments, and other materials.
We collect personal data that you provide directly, data generated when you use the Website, and data we receive from or via third parties where necessary to operate the Website and its features (including advertising/affiliate attribution and rewards/rebate functionality where applicable). The specific categories depend on how you interact with the Website.
Account and Profile Data
If you create an account or log in, we may collect and process:
(a) email address;
(b) username/display name;
(c) account preferences and settings;
(d) account status (e.g., active/suspended) and related administrative records; and
(e) authentication and security data (e.g., password hash, session identifiers, login/security logs).
Communications and Support Data
If you contact us (including via support or compliance channels), submit complaints, or otherwise communicate with us, we may process:
(a) the content of your messages and attachments;
(b) contact details and identifiers necessary to respond;
(c) timestamps and correspondence history; and
(d) internal records relating to handling and resolution of requests/complaints.
User-Generated Content (UGC)
Where the Website allows you to submit content (e.g., reviews, ratings, comments), we may process:
(a) the content you submit;
(b) associated metadata (e.g., timestamps, page/location of submission);
(c) identifiers linking the content to your account (where applicable); and
(d) moderation, integrity, and complaints records (including actions taken under our policies).
Rules for publishing and moderating UGC (including review requirements and anti-manipulation measures) are described in the User Reviews Policy, and the process for complaints/notices regarding content is set out in the Complaints Handling Policy.
Rewards / Rebates / Cashback and Account-Linking Data (where available)
If you use features relating to rewards/rebates/cashback, account-linking, reward records, or payout functionality, we may process:
(a) the broker/platform/partner you select (Third-Party Provider);
(b) trading account identifier/number or other linking details you submit;
(c) linkage/verification status and related timestamps;
(d) reward balance, reward/transaction history, credits and calculations;
(e) withdrawal requests, withdrawal status, and related records; and
(f) fraud-prevention and integrity signals associated with such features (e.g., duplicate accounts, abnormal activity indicators).
Withdrawal / Payout Data (where applicable)
Where withdrawal/payout functionality is available and you request a payout, we may process data necessary to execute the request, which may include:
(a) payout method and destination details (e.g., bank/e-wallet identifiers or other payout details, depending on what is offered);
(b) payee/recipient details where required; and
(c) transaction references and confirmations.
We do not intentionally collect payment card details for ordinary Website use unless explicitly required by a specific payout method or feature, in which case additional information may be requested and an updated notice may be provided.
Important: any withdrawals/payouts on the Website (where available) relate to rewards/rebates/cashback functionality and do not constitute the provision of payment services or other regulated financial services by the Company. Payout processing is carried out using independent payment service providers and/or payout partners (where applicable), subject to such third parties’ terms.
Technical, Usage and Device Data
When you visit or use the Website, we may automatically collect:
(a) IP address and approximate location derived from IP (city/country level) where technically necessary for security, fraud prevention, localisation, or legal compliance;
(b) device identifiers, browser type/version, operating system;
(c) pages viewed, interactions, timestamps, referral URLs; and
(d) diagnostic logs and security events.
Cookies and similar technologies
We use cookies and similar technologies (such as pixels, tags, SDKs and local storage) for Website operation and security and—where required by law and with your consent—for analytics and marketing, including affiliate attribution.
You can manage your preferences and change or withdraw consent at any time via “Cookie settings” on the Website. For details on cookie categories, providers and retention periods, please see our Cookie Policy.
Data from Third Parties (limited and contextual)
In limited cases, we may receive data from third parties, such as:
(a) aggregated or event-level attribution information from affiliate/advertising partners (e.g., whether a click or registration was attributed), and/or
(b) account-linking/verification status from Third-Party Providers where you use reward features.
We do not control third-party providers’ independent processing and you should review their notices and terms.
We process personal data only where we have a lawful basis under applicable data protection laws (including GDPR and UK GDPR). The legal basis depends on the purpose for which we use the data.
Purposes and legal bases (summary table)
A) Account creation, login, and account administration
• Data categories: Account and Profile Data; Technical/Usage Data (security logs).
• Purpose: provide account features, authenticate users, manage account settings, and maintain service integrity.
• Legal basis: Contract (Art. 6(1)(b)) + Legitimate interests (Art. 6(1)(f)) for security and abuse prevention.
B) User-Generated Content (UGC), moderation, integrity, and notices/complaints
• Data categories: UGC; Communications; Technical/Usage Data; moderation records.
• Purpose: enable posting/display of UGC; apply risk-based moderation; prevent spam/manipulation; investigate notices/complaints.
• Legal basis: Legitimate interests (Art. 6(1)(f)); and Contract (Art. 6(1)(b)) where UGC posting is provided as part of the user account functionality.
C) Rewards / rebates / cashback programme and account linking (where available)
• Data categories: Rewards/Account-Linking Data (selected broker/partner; trading account identifier/number; verification status; reward balance/history).
• Purpose: enable linking/verification with relevant partners; calculate/credit rewards; maintain balance and history; resolve disputes and perform audits; prevent fraud.
• Legal basis: Contract (Art. 6(1)(b)) + Legitimate interests (Art. 6(1)(f)) (fraud prevention, service integrity, dispute handling).
D) Withdrawals / payouts (where available)
• Data categories: Withdrawal/Payout Data; Rewards records; Communications; security logs.
• Purpose: process withdrawal requests; confirm and record transactions; prevent fraud; handle related support and disputes.
• Legal basis: Contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c)) where accounting, tax, anti-fraud or other legal requirements apply; and Legitimate interests (Art. 6(1)(f)) for security and dispute handling.
E) Customer support, compliance enquiries, and dispute handling
• Data categories: Communications; Account Data; relevant technical logs.
• Purpose: respond to enquiries; administer complaints; maintain records of responses and resolutions.
• Legal basis: Legitimate interests (Art. 6(1)(f)); Legal obligation (Art. 6(1)(c)) where applicable.
F) Security, fraud prevention, and enforcement of policies
• Data categories: Technical/Usage Data; account security data; relevant rewards/withdrawal integrity signals.
• Purpose: protect the Website, users, and Company; detect misuse; enforce Terms and related policies; maintain logs for incident response.
• Legal basis: Legitimate interests (Art. 6(1)(f)); and Legal obligation (Art. 6(1)(c)) where required.
G) Newsletters and marketing communications
• Data categories: email address; subscription status; consent logs; delivery logs.
• Purpose: send newsletters and similar communications.
• Legal basis: Consent (Art. 6(1)(a)). You may withdraw consent and unsubscribe at any time.
H) Cookies, analytics, marketing and affiliate attribution
• Data categories: cookie identifiers; online identifiers; usage events (depending on configuration and chosen settings).
• Purposes: core functionality and security (strictly necessary cookies); analytics and Website improvement; performance measurement; advertising and affiliate attribution (where applicable).
Legal basis:
• strictly necessary cookies — necessary to provide the service requested by the user and/or our legitimate interests in ensuring Website security and stability (subject to applicable law and ePrivacy/PECR “strictly necessary” exemptions);
• non-essential cookies (functional/analytics/marketing, including affiliate) — consent (Art. 6(1)(a) GDPR/UK GDPR) and ePrivacy/PECR requirements where required by law.
See: Cookie Policy and Advertiser & Affiliate Disclosure.
I) Legal compliance, accounting, and protection of legal rights
• Data categories: relevant Account Data; Communications; rewards/withdrawal records; audit logs.
• Purpose: comply with legal obligations; maintain accounting/audit trails; establish, exercise or defend legal claims.
• Legal basis: Legal obligation (Art. 6(1)(c)); Legitimate interests (Art. 6(1)(f)).
Legitimate interests
Where we rely on legitimate interests, we balance our interests (such as operating and securing the Website, preventing fraud, ensuring integrity of UGC and reward features) against your rights and expectations. You may object to processing based on legitimate interests in certain circumstances.
Withdrawal of consent
Where processing is based on consent (e.g., newsletters; non-essential cookies), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
We share personal data only to the extent necessary for the purposes described in this Privacy Notice and, where applicable, under appropriate contractual and security measures.
Service providers (processors)
We may share personal data with third-party service providers that support the operation of the Website and our services, acting as processors on our instructions under contract, such as:
(a) hosting, content delivery networks, and infrastructure providers;
(b) security and fraud-prevention providers;
(c) email delivery and newsletter service providers;
(d) analytics and performance measurement providers (subject to your cookie choices where required);
(e) customer support and ticketing tools; and
(f) IT maintenance and administrative service providers.
Partners and Third-Party Providers (brokers/platforms) — account linking and rewards (where applicable)
If you use features relating to rewards/rebates/cashback, account linking, verification, or withdrawals, we may share relevant data with third-party providers you choose or interact with (e.g., the selected broker/platform/partner) to:
(a) confirm or verify account-linking details you submit;
(b) calculate, attribute, and credit rewards in connection with your use of the partner’s services;
(c) prevent fraud, duplication, and misuse; and
(d) handle enquiries, disputes, and audits relating to such features.
Important: Such third-party providers are independent from the Company. We do not provide brokerage, execution, investment advice, portfolio management, or other regulated financial services, and we do not act as an agent of any broker/platform. Any trading or investment activity occurs solely between you and the relevant third-party provider under that provider’s terms and disclosures.
Advertising and affiliate/attribution partners (where applicable)
The Website may include advertising, sponsored placements, and affiliate/referral links. Where applicable, we may share limited identifiers and event-level data with advertising and affiliate/attribution partners for:
(a) measuring performance and attribution (e.g., whether a click, registration, or other event was attributed);
(b) preventing fraud and ensuring integrity of attribution; and
(c) reporting and reconciliation.
Where required by law, this processing is carried out only where you have consented to non-essential cookies and similar technologies. See our Cookie Policy and Advertiser & Affiliate Disclosure.
Payment service providers and payout partners (where applicable)
Where rewards/rebates/cashback withdrawal/payout functionality is available on the Website, we may share personal data necessary to process the relevant withdrawal/payout request with independent payment service providers and/or payout partners (“Payment Service Providers”), and, where necessary, for fraud prevention and compliance with legal obligations.
Depending on the payout method you select, the data shared may include recipient/payout method details, payout amount, transaction identifiers and references, and technical identifiers required for reconciliation and integrity checks.
Payment Service Providers process personal data under their own terms and privacy notices and may act as independent data controllers and/or data processors depending on the specific transaction and their role. We do not control their independent processing of personal data. Payment Service Providers may apply their own procedures and checks (including identity/verification checks where required) in accordance with applicable law and their policies.
Such checks are carried out by the relevant Payment Service Provider under its own procedures and applicable law, and not by the Company, unless expressly stated otherwise.
Such processing relates to rewards/rebates/cashback payouts (where applicable) and does not mean that the Company provides payment services. Further information on the roles of the Company and Payment Service Providers in relation to payouts is set out in the Terms of Use, Article 2.5A.
Professional advisers and corporate transactions
We may share personal data with professional advisers (legal counsel, auditors, consultants) where necessary for compliance, risk management, dispute handling, or corporate governance.
In the event of a corporate reorganisation, merger, acquisition, or sale of assets, personal data may be disclosed to relevant parties (subject to confidentiality and lawful safeguards).
Authorities and legal requirements
We may disclose personal data where required to comply with law, regulation, court orders, or requests from competent authorities, or where necessary to establish, exercise, or defend legal claims.
We do not sell personal data
We do not sell personal data. Any sharing described above is limited to what is necessary for the stated purposes.
Transfers outside the EEA/UK
The Company is established in Cyprus, and personal data may be processed in the EEA and, where necessary, transferred to and processed in countries outside the EEA and/or the UK (for example, where our service providers, advertising/analytics partners, or technical infrastructure operate internationally).
Safeguards
Where we transfer personal data outside the EEA, we use appropriate safeguards in accordance with GDPR, including the EU Standard Contractual Clauses (SCCs), and implement supplementary measures where required.
Where we transfer personal data outside the UK, we use the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU SCCs, as applicable, together with supplementary measures where required.
How to obtain information
You may contact us at compliance@tradersunion.com to request information about the safeguards we rely on for relevant transfers (including, where appropriate, a copy of the relevant contractual terms, subject to necessary redactions).
Special cases
In limited circumstances, we may rely on other lawful transfer mechanisms permitted under GDPR/UK GDPR (for example, where a transfer is necessary for the performance of a contract requested by you). Where this applies, we will do so only in accordance with applicable legal requirements.
We keep personal data only for as long as necessary for the purposes described in this Privacy Notice, and then delete or anonymise it, unless we are required to retain it longer for legal, accounting, security, or dispute-resolution purposes.
Account data
We retain account and profile data while your account is active. If you delete your account or it becomes inactive, we may retain certain data for a reasonable period to:
(a) maintain security and prevent abuse;
(b) comply with legal obligations; and
(c) establish, exercise, or defend legal claims.
User-Generated Content (UGC) and moderation records
UGC may remain publicly available for as long as it is published on the Website, subject to our policies and moderation actions. We may retain:
(a) UGC and associated metadata for as long as necessary to operate the Website and preserve content integrity; and
(b) moderation, notice-and-action, and complaint-handling records for as long as necessary to demonstrate compliance, prevent misuse, and handle disputes.
Rewards/rebates/cashback and withdrawals (where applicable)
Where you use rewards/rebate/cashback features and withdrawals, we retain related records (e.g., account linking/verification status, reward balance/history, withdrawal requests and outcomes) for as long as necessary to:
(a) administer the programme and provide the relevant functionality;
(b) prevent fraud and misuse;
(c) perform audits and reconciliations with partners; and
(d) meet applicable legal, accounting, and compliance obligations.
Such records may be retained longer than general website usage logs where required by law or to handle disputes.
Newsletters
We retain newsletter subscription data until you unsubscribe or withdraw consent. We also maintain a suppression record to ensure we respect your opt-out.
Technical logs and usage data
Technical and usage logs are generally retained for up to 24 months, unless a longer period is necessary for:
(a) security investigations and incident response;
(b) fraud prevention; or
(c) compliance with legal obligations.
Cookies
Cookie retention periods vary by cookie type and are described in the Cookie Policy and/or cookie preference tool.
Criteria used to determine retention
When deciding how long to keep personal data, we consider:
(a) the nature and sensitivity of the data;
(b) the purpose for which it is processed;
(c) legal and regulatory requirements; and
(d) the need to establish, exercise, or defend legal claims.
Your rights (GDPR / UK GDPR)
Subject to applicable law and certain limitations/exceptions, you may have the following rights in relation to your personal data:
(a) Right of access — to obtain confirmation as to whether we process your personal data and to access it;
(b) Right to rectification — to request correction of inaccurate or incomplete data;
(c) Right to erasure (“right to be forgotten”) — to request deletion of personal data in certain circumstances;
(d) Right to restriction — to request restriction of processing in certain circumstances;
(e) Right to object — to object to processing based on legitimate interests and, where applicable, to direct marketing;
(f) Right to data portability — to receive certain personal data you have provided to us in a structured, commonly used, machine-readable format and to transmit it to another controller, where applicable;
(g) Right to withdraw consent — where processing is based on consent (e.g., newsletters; non-essential cookies), you may withdraw consent at any time; and
(h) Right not to be subject to solely automated decisions — where applicable, not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
How to exercise your rights
To exercise your rights, contact us at: compliance@tradersunion.com.
Please include sufficient information to identify you (for example, the email associated with your account). We may request reasonable verification of identity to protect your data and prevent unauthorised access.
Response times
We respond without undue delay and generally within one month of receiving a request. This period may be extended in accordance with applicable law (for example, where requests are complex or numerous). If we extend the time limit, we will inform you and explain why.
Right to object to legitimate interests
Where we process your personal data based on legitimate interests, you may object to such processing. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or we need to process data for the establishment, exercise or defence of legal claims.
Direct marketing
You may object to direct marketing at any time. Where newsletters are sent based on consent, you can also withdraw consent and unsubscribe using the link in each email.
Limitations and legal obligations
Your rights are not absolute. We may need to retain and process certain data to comply with legal obligations, prevent fraud, maintain security, or establish, exercise or defend legal claims. Where we cannot comply fully with a request, we will explain the reasons (to the extent permitted by law).
Complaints
If you have concerns about our data processing, you can contact us at compliance@tradersunion.com.
The process for handling complaints and notices is also described in the Complaints Handling Policy.
You also have the right to lodge a complaint with a competent data protection authority. IAFT LTD is established in Cyprus; you may contact the Cyprus Commissioner for Personal Data Protection. If you are in the UK, you may lodge a complaint with the UK Information Commissioner’s Office (ICO).
The Website is not intended for persons under 18. We do not knowingly collect personal data from persons under 18. If you believe that a minor has provided us with personal data, please contact us at compliance@tradersunion.com and we will take reasonable steps to delete such data and/or restrict processing where required.
