Privacy Policy

1. Introduction

bitcastleFX is operated by CASTLE POINT, an Investment Dealer (Full-Service Dealer, excluding Underwriting), regulated by the Financial Services Commission (‘FSC’) in Mauritius under the license number GB22201004 (hereinafter referred to as “CP” or the “Company”). 

We understand the importance of maintaining the confidentiality and privacy of personal information that we hold about our clients and other third parties. This Privacy Policy Statement (hereinafter ‘this Statement’) outlines how we manage and protect the personal information you give us and hold about our clients. By visiting our website and using our services, your agreement to this Policy is implied. We are bound by the Mauritius Data Protection Act 2017. Mauritian Data Protection Act 2017, sets out the rules for information matching and provides on how the personal information is treated. These principles reflect internationally accepted standards for personal information handling.

This Policy will be reviewed periodically to take account of changes to our operations or practices and, further, to make sure it remains appropriate to any changes in law, technology and the business environment. You should check this page from time to time to ensure that you are happy with any changes. Any information held will be governed by our most current Policy.

2. Collection and processing of personal information

When we collect, store and use your personal information, we do so in accordance with the rules set down in the Mauritius Data Protection Act 2017. We are committed to being open and transparent about how we use your personal information.

We may collect and process the following data about you:

• Information that you provide by filling in forms on our website, including information provided when registering to open an Account, using our website, subscribing to our services or posting material;
• If you contact us or respond to surveys, we may keep a record of that correspondence;
• Details of any orders or transactions (historic or otherwise) that you have carried out through our website; Details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access;
• Information about your computer, including IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This data does not identify any individual.

3. How we use cookies

When you use our website, we will use cookies to distinguish you from other users of our website. This helps us to provide you with a more relevant and effective experience when you browse our website, including presenting websites according to your needs or preferences and allows us to improve the site generally.

4. How we use the information

We use information held about you in the following ways:

• to ensure that the content in our website is presented to you in the most effective manner;
• to provide you with products and services that you request from us or, where you have
• consented to be contacted, for products and services that we feel may be of interest to you;
• managing and administering the products and services provided to you;
• keeping you updated as a client in relation to changes to our services and relevant matters;
• to carry out our obligations arising from any contracts entered into between you and us.

We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by email

5. Who we disclose the information to?

Depending on the products and services concerned and the relevant restrictions on sensitive data, personal information may be disclosed to:

• Potential successors in title to our business;
• third party consultants, contractors or other service providers who may access your personal information when providing services (including but not limited to IT support services) to us;
• any organisation or person acting on your behalf to whom you request us to provide information, including your financial advisor, broker, solicitor or accountant;
• third parties where it is necessary to process a transaction or provide services you have requested;
• to a Trade Repository or similar;
• Banks (where they request additional information following payments that you have made);
• credit providers, courts, tribunals and regulatory authorities in response to legal and regulatory requests or other government agencies, as agreed or authorised by law;
• auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate;
• at your request or with your consent.

6. Rights in relation to your personal information

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting through an email on our website.

You also have the right to obtain a copy of any personal information which we hold about you and to advise us of any perceived inaccuracy. To make a request, please write to us, verifying your identity and specifying what information you require. We may charge an administrative fee to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested.

You also have the right to ask us to delete or remove your personal information in certain circumstances such as if we no longer need it or you withdraw your consent (if applicable) provided that we have no legal obligation to retain that data. To make a request, please write to us, verifying your identity and specifying what information you require. If your information has been disclosed to other relevant parties, we will inform them about your request.  We may charge an administrative fee to cover the cost of verifying the application and locating, retrieving and erasing any personal information requested.

1. Legal bases for processing (for European Economic Area users)

If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so, under applicable European Union laws. The legal bases depend on the services you use and how you use them.

This means we collect and use your information only where:

• we need it to provide you with our services, provide customer support and personalised features and to protect the safety and security of our services;
• it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services and to protect our legal rights and interests;
• you give us consent to do so for a specific purpose; or
• we need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g., your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services.

2. Processing outside the European Economic Area 

If you are an individual outside the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so, under applicable laws. The legal bases depend on the services you use and how you use them.

We may transfer your personal information outside the European Economic Area to other bitcastle related companies as well as service providers (i.e. Processors). To the extent we transfer your information outside the EEA, we will ensure that the transfer is lawful and that Processors in third countries are obligated to comply with the European data protection laws or other countries’ laws which are comparable and to provide appropriate safeguards in relation to the transfer of your data.

In view of the above, your personal information may be processed by staff in the Company  operating globally who work for us, another entity or for one of our service providers. Such staff may be, among others, engaged in the fulfillment of your requests, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing and processing. The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

7. Safeguard Measures

7.1 Storage of Data

We hold personal information in a combination of secure computer storage facilities and paper-based files and other records and take steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.

We limit access of information only to those relevant employees or partners that need to know the information in order to enable the carrying out of the Agreement between us. We do not hold or store Credit/Debit card data. We have procedures in place regarding how to safeguard and use your information, for example, by requesting our Affiliates and employees to maintain the confidentiality of your information.

7.2 Retention of Data

We will not keep your personal information for any longer than is required. In many cases, information must be kept for considerable periods of time according to certain anti-money laundering laws and  local regulatory requirements. However, when we consider that information is no longer needed, we will remove any details that will identify you or we will securely destroy the records.

While we will use all reasonable efforts to safeguard our clients’ personal information, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data transferred from you, or to you via the internet.

8. Obtaining Your consent

By submitting any personal information (including, without limitation, your account details) to us you consent to the use of information as set out in this Policy. We reserve the right to amend or modify this Privacy Policy and if we do so we will post the changes on the Website. It is your responsibility to check the Privacy Policy when you submit information to us. Your use of the Website will signify that you agree to any such changes.

You retain the right to withdraw that consent at any time by contacting us using the contact details set out in this Privacy Policy.

9. Personal information and other websites

We are not responsible for the privacy policies and practices of other websites even if you accessed a third-party website using links from our website. We recommend that you check the policy of each website you visit and contact the owner or operator of such website if you have concerns or questions.

10. Amendments

We may, at any time and at our discretion, vary this, Policy. We will notify you, if we amend this Privacy Policy, by contacting you through the contact details you have provided to us. Any amended Privacy Policy is effective once we notify you of the change.

11. How to contact us

If you have any questions regarding this Policy, wish to access or change your information or have a complaint, or if you have any questions about security on our website, you may email us using the contact form on the help and support page.