PRIVACY AND DATA PROTECTION POLICY

 

OVAL LTD 

AUTHORIZED AND REGULATED BY THE FINANCIAL SERVICES AUTHORITY SEYCHELLES

B2C (Business to Client) General Terms & Conditions 

 

Effective from 

December 2025

 

 

Version 1 

 

Oval Ltd (“the Company”, “we”, “us”, “our”), a company licensed and regulated by the Financial Services Authority (FSA) of Seychelles under License No. SD221, is committed to protecting the privacy, confidentiality, and security of personal data collected from clients, website visitors, and platform users.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information in accordance with applicable Seychelles laws, including the Securities Act 2007, the Financial Consumer Protection Act 2022 (FCPA), and international data-protection best practices.

By using our services, website, or trading platform, you acknowledge that you have read and understood this Privacy Policy.

 

1. Purpose of This Policy

This Privacy Policy ensures that Oval Ltd handles personal information lawfully, transparently, and securely. It outlines:

• The types of data we collect

• How we process, store, and protect such data

• Your rights as data subjects

• When and how your data may be shared with third parties

• The Company’s responsibilities as a Data Controller

 

2. Definitions

For the purposes of this Policy:

• “Personal Data”: Any information that identifies, or can identify, an individual (e.g., name, ID number, email, financial information).

• “Processing”: Any operation performed on personal data, including collection, storage, use, transfer, or deletion.

• “Data Controller”: Oval Ltd, which determines the purpose and means of processing personal data.

• “Data Subject”: Any natural person whose personal data we process.

• “Third Parties”: Entities outside the Company involved in providing services (e.g., payment providers, liquidity providers, KYC/AML service providers).

 

3. Lawful Basis for Data Processing

Oval Ltd processes personal data only where lawful and justified, including:

• Performance of a contract – to provide trading services and fulfill our obligations.

• Compliance with legal obligations – including AML/CFT requirements, reporting obligations, and FSA-mandated record keeping.

• Legitimate interests – such as enhancing platform security and improving customer experience.

• Consent – where explicitly required (e.g., marketing communications).

 

4. Types of Personal Data We Collect
We may collect the following categories of information:

1. Identity & KYC/AML Data

• • Full name

  • Date and place of birth

  • Nationality

  • Government-issued identification (passport, ID card)

  • Proof of address

  • Tax Identification Number (TIN/NIN)

  • Source of funds/wealth information

  • Selfie or live-photo verification

2. Contact Information

• • Phone number

  • Email address

  • Residential address

3. Financial Information

• • Bank account details

  • Payment transaction records

  • Trading account information

  • Deposits and withdrawals

  • Wallet and balance activity

4. Technical & Usage Data

• • IP address

  • Device identifiers

  • Login history

  • Browser type

  • Cookies and tracking data

  • Website and platform interactions

5. Communication Data

• • Emails, chats, support tickets

  • Recorded voice calls (as required for audit and compliance)

 

5. How We Use Personal Data

Oval Ltd may process your data for the following purposes:

• To open and maintain trading accounts

• To perform KYC/AML verification and ongoing monitoring

• To process deposits, withdrawals, and payments

• To comply with FSA regulations and legal reporting obligations

• To monitor trading activity and prevent fraud or abuse

• To provide customer support

• To improve our products, systems, and security

• To send operational, regulatory, or account-related communications

We do not sell, rent, or trade personal data with third parties.

 

6. Data Controller Responsibilities (as required under FSA standards)

Oval Ltd, as the Data Controller, is responsible for:

1. Ensuring all personal data is collected and processed lawfully, fairly, and transparently.

2. Implementing adequate technical and organizational security measures to protect data from unauthorized access, breaches, or misuse.

3. Maintaining accurate and up-to-date records of data processing activities (including AML-related records).

4. Limiting data access only to authorized personnel bound by confidentiality obligations.

5. Ensuring third-party service providers follow equivalent data-protection standards.

 

7. Data Retention

We retain personal data only as long as required for:

• Legal and regulatory obligations

• AML/CFT requirements

• FSA-mandated retention periods (minimum 7 years)

• The purposes for which the data was collected

After the applicable retention period, data is securely deleted or anonymized.

 

8. Sharing of Personal Data

We may share data only with trusted third parties where necessary, including:

• KYC/AML verification providers

• Payment service providers

• Banking institutions

• Liquidity providers

• Auditors and legal consultants

• IT and cybersecurity service providers

• FSA Seychelles and other regulators (only when legally required)

Every third party is bound by confidentiality and data-protection agreements.

 

9. International Data Transfers

• Where data is transferred outside Seychelles, we ensure:

• The receiving country has adequate data-protection standards, or

• Protective contractual clauses are implemented, or

• Transfer is necessary for contractual performance or regulatory compliance.

 

10. Cookies & Tracking Technologies

We use cookies to:

• Provide secure login sessions

• Improve website performance

• Analyze traffic to enhance user experience

• Remember user preferences

Users may choose to disable cookies, but certain features may not function properly.

 

11. Data Security

We implement industry-standard safeguards, including:

• Encryption (in transit and at rest)

• Secure servers and firewalls

• Multi-factor authentication (MFA)

• Access control and monitoring

• Regular security audits and penetration testing

• Incident response procedures compliant with FSA requirements

 

12. Your Rights as a Data Subject

You have the right to:

1. Access your personal data

2. Rectify inaccurate or incomplete information

3. Request deletion of data where legally permissible

4. Withdraw consent (where applicable)

5. Object to certain forms of processing

6. Request restriction of processing

7. Receive a copy (data portability) of your data (where applicable)

To exercise your rights, contact: [email protected] 

 

13. Marketing Communications

We may send marketing messages only if:

• You have given explicit consent, OR

• It relates to similar products/services you already use

You may opt out anytime through the unsubscribe link or by contacting us.

 

14. Use of Automated Decision-Making

Certain processes (e.g., KYC risk scoring) may be automated.
These systems are monitored by compliance staff to ensure fairness and accuracy.

 

15. Third-Party Links

Our website may contain links to external websites.
We are not responsible for their privacy practices.
We encourage you to review their policies before providing any personal data.

 

16. Amendments to This Policy

Oval Ltd may update this Privacy Policy when required by:

• Changes in FSA regulations

• New legal obligations

• Internal compliance updates

• Platform improvements

All updates will be posted on our website with the effective date.

 

17. Contact Information

For questions or complaints related to privacy, data protection, or this Policy, contact our Compliance Department:

Email: [email protected]
Address: Oval Ltd. Suite 3, Jivan’s Complex, Global Village, Mont Fleuri, Mahe, Seychelles.
Regulator: Financial Services Authority (FSA) Seychelles