Privacy Policy

 

OSTC Foreign Exchange Limited is committed to protecting and respecting your privacy.

OSTC Foreign Exchange Limited trading as Godi Financial (‘Godi’). OSTC Foreign Exchange Limited is authorised by the Financial Conduct Authority under the Payment Service Regulations 2009 (No 588884) for the provision of payment services and is a registered money services business with HM Revenue and Customs No. 12691848.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our websites you are accepting and consenting to the practices described in this policy.

For the purpose of the European Data Protection Regulations (‘GDPR’) and the Data Protection Act 2018 (the Act) and, the data controller is OSTC Foreign Exchange Limited, 21-25 North Street, Bromley, Greater London, BR11SD.

 

This Privacy Statement explains how we process your information and your rights under both DPA and GDPR.

 

Information we may collect from you

We may collect and process the following data about you:

 

  • Information you give us
Address
DOB
Email address
Company Name
Name
ID- Passport, National  ID card, Drivers Licence
Proof of Address such as bank statement or utility bill within the past three months
Certificate of incorporation

 

  • Information we collect about you

IP Address

  • Information we receive from other sources
KYC/ AML report
ID verification

 

 

 

 

 

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy below.

 

Uses made of the information

We use information held about you in the following ways:

 

  • Information you give to us. We will use this information provide services to you. Information we collect about you. We will use this information to better provide services to you.
  • Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).

 

Disclosure of your information

We may share your personal information with our KYC/ AML provided in order for us to complete the government required checks to enable us to onboard you.

We may share your information with selected third parties including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with [them or] you, including without limitation any data processor we engage.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.

 

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of OSTC Foreign exchange Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

 

All information you provide to us is stored on our secure servers. Any payment transfers will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone.

 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site: any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.

 

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at service@godi.io.

 

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

Your rights under Data Protection Law

We operate under the Data Protection Act 2018 (‘DPA’) and the European General Data Protection Regulation (‘GDPR’).

 

The DPA and GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.

 

We must ensure that personal data shall be:

  1. Processed lawfully, fairly and in a transparent manner
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  4. Accurate and where necessary kept up to date
  5. Kept for no longer than is necessary for the purposes for which the personal data are processed. We operate a data retention policy that ensures we meet this obligation. We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so. For detail of our current retention policy contact our privacy officer at service@godi.io
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

 

We ensure lawful processing of personal data by obtaining consent; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.

 

In the majority of cases we process personal data based on your contract with us. In other cases, we process personal data only where there are legitimate grounds for so doing.

 

To meet our Data Protection obligations, we have established comprehensive and proportionate governance measures.

 

We ensure data protection compliance across the organisation through:

  1. Implementing appropriate technical and organisational measures including internal data protection policies, staff training, internal audits of processing activities, and reviews of internal HR policies
  2. Maintaining relevant documentation on processing activities
  3. Implementing measures that meet the principles of data protection by design and data protection by default including data minimisation, pseudonymisation, transparency, deploying the most up-to-date data security protocols and using data protection impact assessments across our organisation and in any third-party arrangements

 

Under the GDPR You have the following specific rights in respect of the personal data we process:

  1. The right to be informed about how we use personal data – This Privacy Statement explains who we are; the purposes for which we process personal data and our legitimate interests in so doing; the categories of data we process; third party disclosures; and details of any transfers of personal data outside the UK
  2. The right of access to the personal data we hold. In most cases this will be free of charge and must be provided within one month of receipt
  3. The right to rectification where data are inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request
  4. The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
  5. The right to restrict processing, for example while we are reviewing the accuracy or completeness of data or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but not further process it until such time as we have resolved the issue
  6. The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services
  7. The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is for necessary for the performance of a public interest task
  8. Rights in relation to automated decision making and profiling

 

Please contact our privacy officer at service@godi.io for more information about the GDPR and your rights under Data Protection law.

If you have a complaint about data protection at OSTC Foreign Exchange Limited, please contact our privacy officer at service@godi.io.

Alternatively contact our supervisory authority for data protection compliance: www.ico.org.uk:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

 

About cookies

Cookies are pieces of information that a website transfers to your computer’s hard disk for record-keeping purposes. Cookies can make the internet more useful by storing information about your preferences on a particular site, such as your personal preference pages.

The use of cookies is an industry standard, and most websites use them to provide useful features for their customers. Cookies in and of themselves do not personally identify users, although they do identify a user’s computer. Most browsers are initially set to accept cookies.

If you would prefer, you can set yours to refuse cookies. However, you may not be able to take full advantage of a website if you do so.

 

We use the following cookies:

Category: Necessary (4)
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

 

COOKIE NAME PROVIDER TYPE EXPIRY
ASP.NET_SessionId clientportal.godi.io HTTP Session
First found URL: https://www.godi.io/login/

Cookie purpose description: Preserves the visitor’s session state across page requests.

Initiator: Script tag
Source: https://www.godi.io/login/
Data is sent to: United States (adequate)
ASP.NET_SessionId crm.ostcfx.com HTTP Session
First found URL: https://www.godi.io/open-account/corporate/

Cookie purpose description: Preserves the visitor’s session state across page requests.

Initiator: Script tag
Source: https://www.godi.io/open-account/corporate/
Data is sent to: United States (adequate)
CookieConsent godi.io HTTP 1 year
First found URL: https://www.godi.io/2017/03/08/experts-address-issues-surrounding-international-trade-ahead-of-brexit/

Cookie purpose description: Stores the user’s cookie consent state for the current domain

Initiator: Script tag
Source: notinstalled
Data is sent to: Ireland (adequate)
PHPSESSID godi.io HTTP Session
First found URL: https://www.godi.io/2017/03/08/experts-address-issues-surrounding-international-trade-ahead-of-brexit/

Cookie purpose description: Preserves user session state across page requests.

Initiator: Webserver
Source: godi.io
Data is sent to: United States (adequate)

 

Category: Preferences (1)
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

 

COOKIE NAME PROVIDER TYPE EXPIRY
lang ads.linkedin.com HTTP Session
First found URL: https://www.godi.io/2017/01/05/example-in-the-community-post/

Cookie purpose description: Remembers the user’s selected language version of a website

Initiator: Script tag
Source: https://www.godi.io/2017/01/05/example-in-the-community-post/
Data is sent to: Ireland (adequate)

 

Category: Statistics (4)
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

 

COOKIE NAME PROVIDER TYPE EXPIRY
@@History/@@scroll|# youtube.com HTML Session
First found URL: https://www.godi.io/2017/03/08/experts-address-issues-surrounding-international-trade-ahead-of-brexit/

Cookie purpose description: Unclassified

Initiator: Webserver
Source: youtube.com
Data is sent to: United States (adequate)
_ga godi.io HTTP 2 years
First found URL: https://www.godi.io/2017/03/08/experts-address-issues-surrounding-international-trade-ahead-of-brexit/

Cookie purpose description: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

Initiator: Script tag
Source: https://www.godi.io/2017/03/08/experts-address-issues-surrounding-international-trade-ahead-of-brexit/
Data is sent to: United States (adequate)
_gat godi.io HTTP Session
First found URL: https://www.godi.io/2017/03/08/experts-address-issues-surrounding-international-trade-ahead-of-brexit/

Cookie purpose description: Used by Google Analytics to throttle request rate

Initiator: Script tag
Source: https://www.godi.io/2017/03/08/experts-address-issues-surrounding-international-trade-ahead-of-brexit/
Data is sent to: United States (adequate)
_gid godi.io HTTP Session
First found URL: https://www.godi.io/2017/03/08/experts-address-issues-surrounding-international-trade-ahead-of-brexit/

Cookie purpose description: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

Initiator: Script tag
Source: https://www.godi.io/2017/03/08/experts-address-issues-surrounding-international-trade-ahead-of-brexit/
Data is sent to: United States (adequate)

 

Category: Marketing (8)
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

 

COOKIE NAME PROVIDER TYPE EXPIRY
bcookie linkedin.com HTTP 2 years
First found URL: https://www.godi.io/2017/01/05/example-in-the-community-post/

Cookie purpose description: Used by the social networking service, LinkedIn, for tracking the use of embedded services.

Initiator: Script tag
Source: https://www.godi.io/2017/01/05/example-in-the-community-post/
Data is sent to: United States (adequate)
BizoID ads.linkedin.com HTTP 179 days
First found URL: https://www.godi.io/2017/01/05/example-in-the-community-post/

Cookie purpose description: Unclassified

Initiator: Script tag
Source: https://www.godi.io/2017/01/05/example-in-the-community-post/
Data is sent to: Ireland (adequate)
bscookie linkedin.com HTTP 2 years
First found URL: https://www.godi.io/2017/01/05/example-in-the-community-post/

Cookie purpose description: Used by the social networking service, LinkedIn, for tracking the use of embedded services.

Initiator: Script tag
Source: https://www.godi.io/2017/01/05/example-in-the-community-post/
Data is sent to: United States (adequate)
GPS youtube.com HTTP Session
First found URL: https://www.godi.io/2017/01/05/example-in-the-community-post/

Cookie purpose description: Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

Initiator: Script tag
Source: https://www.godi.io/2017/01/05/example-in-the-community-post/
Data is sent to: United States (adequate)
lidc linkedin.com HTTP Session
First found URL: https://www.godi.io/2017/01/05/example-in-the-community-post/

Cookie purpose description: Used by the social networking service, LinkedIn, for tracking the use of embedded services.

Initiator: Script tag
Source: https://www.godi.io/2017/01/05/example-in-the-community-post/
Data is sent to: United States (adequate)
UserMatchHistory ads.linkedin.com HTTP 179 days
First found URL: https://www.godi.io/2017/01/05/example-in-the-community-post/

Cookie purpose description: Unclassified

Initiator: Script tag
Source: https://www.godi.io/2017/01/05/example-in-the-community-post/
Data is sent to: Ireland (adequate)
VISITOR_INFO1_LIVE youtube.com HTTP 179 days
First found URL: https://www.godi.io/2017/01/05/example-in-the-community-post/

Cookie purpose description: Tries to estimate the users’ bandwidth on pages with integrated YouTube videos.

Initiator: Script tag
Source: https://www.godi.io/2017/01/05/example-in-the-community-post/
Data is sent to: United States (adequate)
YSC youtube.com HTTP Session
First found URL: https://www.godi.io/2017/01/05/example-in-the-community-post/

Cookie purpose description: Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Initiator: Script tag
Source: https://www.godi.io/2017/01/05/example-in-the-community-post/
Data is sent to: United States (adequate)

 

 

 

 

 

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

 

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to service@godi.io

 

Policy Last updated: 22/05/18