Privacy Policy

(a) Introduction

Onyx Capital Group Limited (“we” or “us” or “our” or Onyx”) is committed to protecting and respecting your privacy. This Policy explains how we collect, use, and handle your personal data. Please also read our Cookie Policy which explains the use of cookies on our site. Any changes we make to this policy will be posted on this page and, where appropriate, notified to you by e-mail.

 

(b) Who is Collecting Data?

The following Onyx subsidiaries are Data Controllers and are registered with the Information Commissioners Office (“ICO”):

     

      • Onyx Commodities Limited with company number 03948550, ICO registration ZB182874 and business address 95 Cromwell Road, Second Floor, London, United Kingdom, SW7 4DL

      • Onyx Capital Advisory Limited with company number 11472304, ICO registration ZA568423 and business address 95 Cromwell Road, Second Floor, London, United Kingdom, SW7 4DL

      • Flux Financial Limited with company number 13409640, ICO registration ZB182886 and business address 95 Cromwell Road, Second Floor, London, United Kingdom, SW7 4DL

    • Onyx Capital Technology Limited with company number 14488604, ICO registration ZB539675 and business address 95 Cromwell Road, Second Floor, London, United Kingdom, SW7 4DL
     

    (c) What Data Is Being Collected?

    The information we collect from you will vary depending on which Onyx entity you deal with and in what capacity this has been provided in (e.g., the level of information disclosed to Onyx when you contemplate employment will vary to that requested when forming a business relationship). Examples of personal information we may process are:

       

        • Contact information including your name, telephone number, e-mail address

        • Identity information including your date of birth, address, ID number, photograph, employer, job title

        • Financial information necessary for bank payments such as bank details

        • records of any conversations with you by telephone, e-mail or otherwise

        • If applying to work with us, we may ask you for special category data or criminal record information

      When you visit our site, we may also automatically collect information for internal operations such as troubleshooting, data analysis, testing, research, statistical purposes and to keep our site safe and secure. Examples are:

         

          • Technical information, including the Internet Protocol (“IP”) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform

          • Information about your visit, including the full Uniform Resource Locators (“URL”) clickstream to, through and from our site (including date and time)

        • Products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page
         

        (d) Why Data Is Being Collected

        We will only process your personal data when we have specific purpose and lawful reasons to do so. We may process your personal data on one or more of the following legal grounds:

           

            • To comply with any legal and regulatory obligations (Article 6(1)(c))

            • To carry out our obligations arising from any terms entered into with you because it is necessary for the performance of our services (Article 6(1)(b))

            • Where processing is necessary for the purpose of legitimate interests (provided these interests are not overridden by data subject rights or interests (Article 6(1)(f)))

            • To inform you of changes to our services

          The provision of data is discretionary however a lack of data can be an impediment to the exchange of information necessary for the above purposes.

          We also collect your data so we can provide you with additional information regarding services you have already purchased or enquired about. We may also inform you about services we offer that we believe you have an interest in and would benefit your business.

          You have the right to opt out at any time if you do not want to receive further marketing-related communications from us.

          If you provide us with somebody else’s personal data (such as names of directors or business owners), you must ensure that you are entitled to disclose that personal data to us and that, without us taking any additional steps, we may collect, use and disclose that personal data as described in this Privacy Policy.

           

          (e) How We Collect Data

          We collect the majority of personal data through direct correspondence with you or your organisation, by email, telephone and via information request forms, account related documents and terms. As above, some data is collected through website traffic.

           

          (f) How Data Is Processed & Stored

          Personal data is processed both manually and electronically in accordance with the above-mentioned purposes. Each Data Controller has its own CRM system and our employees are only able to access your data if they have a need for it. All employees are appropriately designated and trained to process data.

          We take all reasonable steps to ensure that the information we hold is accurate however please contact us and ask for its correction if you feel any information is inaccurate or incomplete. Your personal data will be deleted when it is no longer reasonably required for the aforementioned purposes or when we are not legally required or otherwise permitted to continue storing such data. Data may also be anonymised where necessary in order to pursue a legitimate interest, whilst protecting the integrity of your data.

          When assessing what retention period is appropriate, we will consider, amongst other things, the requirements of our business, the purposes for which we collected the data, our regulatory requirements, and the legal basis for processing.

          Onyx has put in place appropriate measures to prevent your data from being lost, used or accessed in an unauthorised way, altered or disclosed. Where Onyx engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and measures to ensure the security of data.

          We have in place procedures to deal with any suspected data security breach and will notify you and the ICO (or any other relevant regulator) where we are legally required to do so.

           

          (g) With Whom Data Can Be Shared

          We may disclose your personal data with authorised service providers who perform services for us (including background checks, trade monitoring/reporting, professional advisory services, cloud services, data storage, payment processing, customer support and billing). Our contracts with our service providers include commitments that they agree to limit their use of personal data to our specific instructions and to comply with privacy and security standards.

          Without prejudice to any communications made to comply with legal or contractual obligations, data may also be disclosed to external parties as required by laws or regulations (e.g. court, tribunal, Regulatory Authority or Governmental Entity).

          When we share your information with contracted third party companies we remain responsible for your data and we take all reasonable steps to ensure that your information and privacy are protected in line with the applicable legal obligations. Personal data may be shared between the Onyx entities on a confidential basis where necessary for the purpose of providing services to you, in addition to fulfilling other legitimate administrative and business purposes (e.g., marketing, billing etc.).

           

          (h) Your Rights

          You have the right to:

             

              • Request a copy of your data in a structured, commonly used and machine-readable format

              • Request from us access to and rectification or erasure of your data

              • Restrict or object to us processing your data

              • The right to have your personal data transmitted directly from a controller to another, where technically feasible

              • Lodge a complaint against us if you have a concern about our handling of your data

            Please contact us on the below details to action any of these requests. We will consider any requests or complaints and will respond in a timely manner. If you are not satisfied with our response, you may take your complaint to the ICO (www.ico.org.uk). The ICO can be contacted via their hotline: 0303 123 1113 or through the concerns section of their website: ico.org.uk/concerns.

            Please note we reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data, and for any additional copies of the personal data you request from us. Any other applicable conditions to these rights will be advised upon at the time of your request.

             

            (i) Contact

            If you have any questions or concerns about this policy, please contact our Data Protection Officer by emailing: compliance@onyxcapitalgroup.com.