PRIVACY AND DATA PROTECTION POLICY
OVAL LTD
AUTHORIZED AND REGULATED BY THE FINANCIAL SERVICES AUTHORITY SEYCHELLES
B2C (Business to Client) General Terms & Conditions
Effective from
December 2025
Version 1
Oval Ltd (“the Company”, “we”, “us”, “our”), a company licensed and regulated by the Financial Services Authority (FSA) of Seychelles under License No. SD221, is committed to protecting the privacy, confidentiality, and security of personal data collected from clients, website visitors, and platform users.
This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information in accordance with applicable Seychelles laws, including the Securities Act 2007, the Financial Consumer Protection Act 2022 (FCPA), and international data-protection best practices.
By using our services, website, or trading platform, you acknowledge that you have read and understood this Privacy Policy.
1. Purpose of This Policy
This Privacy Policy ensures that Oval Ltd handles personal information lawfully, transparently, and securely. It outlines:
The types of data we collect
How we process, store, and protect such data
Your rights as data subjects
When and how your data may be shared with third parties
The Company’s responsibilities as a Data Controller
2. Definitions
For the purposes of this Policy:
“Personal Data”: Any information that identifies, or can identify, an individual (e.g., name, ID number, email, financial information).
“Processing”: Any operation performed on personal data, including collection, storage, use, transfer, or deletion.
“Data Controller”: Oval Ltd, which determines the purpose and means of processing personal data.
“Data Subject”: Any natural person whose personal data we process.
3. Lawful Basis for Data Processing
Oval Ltd processes personal data only where lawful and justified, including:
Performance of a contract – to provide trading services and fulfill our obligations.
Compliance with legal obligations – including AML/CFT requirements, reporting obligations, and FSA-mandated record keeping.
Legitimate interests – such as enhancing platform security and improving customer experience.
Consent – where explicitly required (e.g., marketing communications).
4. Types of Personal Data We Collect
We may collect the following categories of information:
Identity & KYC/AML Data
Full name
Date and place of birth
Nationality
Government-issued identification (passport, ID card)
Proof of address
Tax Identification Number (TIN/NIN)
Source of funds/wealth information
Selfie or live-photo verification
Contact Information
Phone number
Email address
Residential address
Financial Information
Bank account details
Payment transaction records
Trading account information
Deposits and withdrawals
Wallet and balance activity
Technical & Usage Data
IP address
Device identifiers
Login history
Browser type
Cookies and tracking data
Website and platform interactions
Communication Data
Emails, chats, support tickets
Recorded voice calls (as required for audit and compliance)
5. How We Use Personal Data
Oval Ltd may process your data for the following purposes:
To open and maintain trading accounts
To perform KYC/AML verification and ongoing monitoring
To process deposits, withdrawals, and payments
To comply with FSA regulations and legal reporting obligations
To monitor trading activity and prevent fraud or abuse
To provide customer support
To improve our products, systems, and security
To send operational, regulatory, or account-related communications
We do not sell, rent, or trade personal data with third parties.
6. Data Controller Responsibilities (as required under FSA standards)
Oval Ltd, as the Data Controller, is responsible for:
Ensuring all personal data is collected and processed lawfully, fairly, and transparently.
Implementing adequate technical and organizational security measures to protect data from unauthorized access, breaches, or misuse.
Maintaining accurate and up-to-date records of data processing activities (including AML-related records).
Limiting data access only to authorized personnel bound by confidentiality obligations.
Ensuring third-party service providers follow equivalent data-protection standards.
7. Data Retention
We retain personal data only as long as required for:
Legal and regulatory obligations
AML/CFT requirements
FSA-mandated retention periods (minimum 7 years)
The purposes for which the data was collected
After the applicable retention period, data is securely deleted or anonymized.
8. Sharing of Personal Data
We may share data only with trusted third parties where necessary, including:
KYC/AML verification providers
Payment service providers
Banking institutions
Liquidity providers
Auditors and legal consultants
IT and cybersecurity service providers
FSA Seychelles and other regulators (only when legally required)
Every third party is bound by confidentiality and data-protection agreements.
9. International Data Transfers
Where data is transferred outside Seychelles, we ensure:
The receiving country has adequate data-protection standards, or
Protective contractual clauses are implemented, or
Transfer is necessary for contractual performance or regulatory compliance.
10. Cookies & Tracking Technologies
We use cookies to:
Provide secure login sessions
Improve website performance
Analyze traffic to enhance user experience
Remember user preferences
Users may choose to disable cookies, but certain features may not function properly.
11. Data Security
We implement industry-standard safeguards, including:
Encryption (in transit and at rest)
Secure servers and firewalls
Multi-factor authentication (MFA)
Access control and monitoring
Regular security audits and penetration testing
Incident response procedures compliant with FSA requirements
12. Your Rights as a Data Subject
You have the right to:
Access your personal data
Rectify inaccurate or incomplete information
Request deletion of data where legally permissible
Withdraw consent (where applicable)
Object to certain forms of processing
Request restriction of processing
Receive a copy (data portability) of your data (where applicable)
To exercise your rights, contact: [email protected]
13. Marketing Communications
We may send marketing messages only if:
You have given explicit consent, OR
It relates to similar products/services you already use
You may opt out anytime through the unsubscribe link or by contacting us.
14. Use of Automated Decision-Making
Certain processes (e.g., KYC risk scoring) may be automated.
These systems are monitored by compliance staff to ensure fairness and accuracy.
15. Third-Party Links
Our website may contain links to external websites.
We are not responsible for their privacy practices.
We encourage you to review their policies before providing any personal data.
16. Amendments to This Policy
Oval Ltd may update this Privacy Policy when required by:
Changes in FSA regulations
New legal obligations
Internal compliance updates
Platform improvements
All updates will be posted on our website with the effective date.
17. Contact Information
For questions or complaints related to privacy, data protection, or this Policy, contact our Compliance Department:
Email: [email protected]
Address: Oval Ltd. Suite 3, Jivan’s Complex, Global Village, Mont Fleuri, Mahe, Seychelles.
Regulator: Financial Services Authority (FSA) Seychelles