1. Introduction
TreasurX Limited (“the Company”) collects, stores, and processes information about clients and partners for legitimate business purposes. Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018), individuals have specific rights regarding their personal data. This policy outlines the types of data the Company holds, why it is required, and how it is used. The Company processes data to manage relationships effectively, lawfully, and appropriately—during onboarding, throughout the client relationship, and after termination. This includes using information to comply with regulatory and statutory obligations, fulfil contractual duties, and meet legal requirements.
2. Lawful Basis for Processing
The lawful bases under which TreasurX Limited collects and processes client data are: Contractual, Legal Obligation, Legitimate Interest, and Consent. As a foreign exchange brokerage, TreasurX may process data to pursue legitimate business interests such as fraud prevention, administrative record-keeping, regulatory reporting, or protecting its legal position in potential disputes.
3. Types of Information Held
The Company may hold the following types of information:
• Account applications and supporting documentation
• Correspondence and emails
• Payment and transaction data
• Contact and user details
• Compliance and monitoring information
• Audit trails and login records
• Complaint records
• Recorded telephone activity (shared only with regulated partners under GDPR compliance)
If data is not provided, TreasurX may be unable to fulfil certain obligations and will notify the client of any implications. Some information may come fromthird-party verification providers. Records are primarily electronic, with some stored securely in paper form.
4. Data Sharing and Locations of Processing
TreasurX Limited shares personal data only when legally permitted. Contractual safeguards and strict security controls protect client data. The Company may use third parties, including banks and payment providers (some based overseas), to deliver its services.
Data may also be shared with:
• Associated firms for administrative or professional purposes
• ICT, cloud, and compliance service providers based in secure European data centres
• Auditors, professional advisers, and regulators
Requests from authorities are fulfilled only when permitted by law. Where data is processed under consent (e.g. for marketing), clients can withdraw consent at any time without affecting prior lawful processing.
5. Your Rights
Under GDPR and DPA 2018, individuals have the right to:
• Access their data
• Rectify inaccuracies
• Request erasure (“right to be forgotten”)
• Restrict or object to processing
• Request data portability
Clients can withdraw consent at any time when processing is based on consent. Complaints may be lodged with the Information Commissioner’s Office (ICO) if rights are believed to have been infringed. TreasurX retains data only for as long as legally or contractually required.
6. Data Controller and Contact Details
TreasurX Limited is both the data controller and processor under GDPR and DPA 2018. For any data protection concerns, please contact: Ricky Jones Data Protection Officer Email: info@treasurx.com Mail: TreasurX Limited, 16 Belvidere Road, CH45 4RY
7. Policy Review
TreasurX recognises that transparency is an ongoing responsibility. This Privacy Policy is reviewed regularly to ensure continued compliance and relevance.
