The Malaysian Personal Data Protection Act, 2010 (“PDP”) governs the use of personal data by Labuan entities. In accordance with the DPA, this privacy notice describes how Cerus Markets, Ltd. collects, uses and shares the information you provide to us and the information we collect in the course of operating our businesses. Any terminology and capitalized terms used in this notice bear the meanings as prescribed in the DPA unless the context requires otherwise. In this notice, where we refer to “Cerus” (or “we”/“us”/“our”), we mean each of the relevant Cerus Markets, Ltd. entities set out at the end of this document as engaged by you. Cerus Markets, Ltd. is an international group of businesses operating from international offices. Our offices include jurisdictions outside the European Economic Area (“EEA”) which have not been deemed adequate for European Union data protection purposes (namely the Labuan, and United States, and Hong Kong).References in this notice to “your information” are also to personal information that you provide to us or which we otherwise gather in the course of operating our business.
2. The information we collect
We may collect and process various types of personal data about you, including:
- Name, address, email address, telephone number and other contact information;
- Date and place of birth;
- Copies of identity documents (such as passport, national ID card, driver’s license, employee identification numbers);
- Utility bills and/or bank statements;
- Source of wealth;
- Tax residency;
- Details of shareholdings and other assets which are legally or beneficially owned by you;
- Details of directorships and information required to be held under applicable companies legislation;
- Details of people or organisations which may be connected to you (by family or otherwise);
- Your personal identification information (which may include your name and passport information personal data relating to claims, court cases and convictions, politically exposed person (PEP) status, personal data available in the public domain and such other information as may be necessary for Cerus to provide its services and to complete itsCDD process and discharge its anti-money laundering and anti-criminal financing obligations);
- Technical data such as your Internet Protocol (IP) address, login data, browser plug-in types and versions, operating system and platform and any passwords and user names which you are required to create when accessing any of our password protected platform services
- Any other personal information that you may provide to us.
Please note this list is not exhaustive and that we may also collect and process other personal data to the extent that it is useful or necessary for the provision of our services.
3. Where we obtain your personal information
We collect your personal information from the following sources:
- Personal information which you give to us directly, such as:
- as part of such other forms and documents as we may request that are completed in relation to the administration/management of any of our services
- information gathered through the processing of client due diligence (e.g. passports and proof of address etc.)carried out as part of our compliance with regulatory requirements
- any personal information provided by way of correspondence with us by phone, e-mail or otherwise
- Personal information we receive indirectly from third party sources, such as:
- entities in which you or someone connected to you has an interest
- your legal and/or financial advisors
- financial institutions who hold and process your personal information
- credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements
- information that is publicly available over the internet
- personal information received in the course of dealing with advisors, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act.
4. Information that we collect through our website
You are not required to provide any personal information on the public areas of our website; however you may choose to do so by completing any of the forms which are included on the following pages:
- Individual/Corporate Account Opening Page
- contact us.
- Sign-up Page
- KYC Due Diligence Verification Page
- Payment Gateway Page
In addition to the information you knowingly provide, Cerus collects the domain names and IP addresses of its visitors, along with usage statistics, analytics and browsing history. This data is used to promote our services. Please see our cookies policy for more details about this. You may also provide us with personal information if you contact us by email, telephone or letter.
5. How we use your information
At Cerus we are committed to protecting and respecting your privacy. We provide financial services to our institutional clients and we use your personal data for those purposes. We may hold and process your personal data on the following lawful grounds:
- to perform a contract which we may have with you
- to comply with our legal and regulatory obligations
- for our legitimate business purposes
Your personal information may be processed for the purposes set out below. The purposes based on our legitimate business interests are specifically defined under items (a) to (e) inclusive.
- to conduct administrative or operational processes within our business and / or our service providers;
- communicating with you as necessary in connection with our services;
- to send you marketing material (e.g., customer briefings and updates);
- to invite you to events;
- provide you with personalised information;
- provide and improve our technology and client services;
- to establish, exercise or defend the legal rights of Cerus or for the purpose of legal proceedings;
- process and respond to requests, enquiries or complaints received from you or someone connected to you;
- to comply with legal or regulatory obligations imposed on us (including but not limited to AML/ATF/CFT obligations);
- collecting, processing, transferring and storing customer due diligence, source of funds information and verification data under applicable anti-money laundering and terrorist financing laws and regulations; and
- liaising with or reporting to any regulatory authority (including tax authorities) with whom we are either required to cooperate or report to, or with whom we decide or deem it is appropriate to cooperate in relation to the services we provide.
6. How and why we share your information
Within Cerus Markets We share personal information within the Cerus Markets network. As a result, your personal information may be transferred to locations outside of the Federal Territory of Labuan, as well as within it, for the purposes described above as part of the Cerus Markets data sharing protocol. Outside of Cerus Markets We may also share your personal information outside Cerus Markets This may include disclosures to:
- third party partners, managers, agents, subsidiaries, suppliers or contractors, in connection with the processing of your personal information for the purposes described in this policy, which may include, but is not limited to:
- Information Technology (IT) and communications service providers (including, without limitation, our software and / or platform providers in order to provide and maintain the performance of our services)
- our own advisers such as auditors and accountants and any external legal advisors which we may instruct from time to time
- Trading platform service providers
- Credit card and electronic funds transfer providers
- third parties relevant to the services that we provide, which may include, but is not limited to:
- other professional service providers
- law enforcement agencies
- governmental institutions
- tribunals and courts
to the extent required by law, regulation or court order, for example if we are under a duty to disclose your personal information in order to comply with any legal obligation such as our anti money laundering and anti-terrorist/criminal financing (AML/ATF/CFT) obligations International transfers Your personal information may be held in, and may be freely transferred between, countries that are located inside the EEA, Asia, North America and third countries that have adequate protection for your rights in relation to the processing of your personal information, and otherwise where the transfer is:
- made with your consent;
- necessary for the performance of a contract between the individual and the organisation, or for pre- contractual steps taken at the individual’s request;
- necessary for the performance of a contract made in the interests of the individual between the controller and another person;
- necessary for the establishment, exercise or defence of legal claims;
- made in regard to public data on a public register, and any conditions subject to which the register is open to inspection are complied with;
- made on terms of a kind approved by the Ombudsman as ensuring adequate safeguards for the individual(s);
- authorised by the Ombudsman as ensuring adequate safeguards for the individual(s); or
- required under international cooperation arrangements between intelligence agencies or regulatory agencies, if permitted or require under an enactment or an order issued by the Grand Court of the Labuan.
Where a personal information transfer is made to a jurisdiction which provides a level of da ta protection lower than that prescribed by the DPA, we will take steps to ensure the security and confidentiality of your personal information in accordance with the DPA. Such steps may include establishing contractual undertakings with service providers who process personal data on our behalf. In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.
7. Direct marketing
We may ask whether you wish to receive marketing from us and this will be presented to you as an option on the relevant application form or page on our website where necessary. We may also contact you by email or other means to inform you about other services or events which may be of interest to you. You have the right at any time to stop us from contacting you for marketing purposes. If you wish to do so, please either unsubscribe by following the link at the bottom of the marketing email or by sending us an email to: [email protected]
8. Retention of personal information and security
Your personal information will be retained for as long as required:
- for the purposes for which the personal information was collected
- to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations
- as required by data protection laws and any other applicable laws or regulatory requirements.
We will ensure that the personal information that we hold is subject to appropriate security measures.
9. Access to and control of your personal information
You have the following rights in respect of the personal information about you that we process. These include the right to request access to your personal information, correct any mistakes on our records, erase or restrict records where they are no longer required, object to use of personal information based on legitimate business interests, ask not to be subject to automated decision making if the decision produces legal or other significant effects on you, and the right to submit a complaint. If you wish to exercise any of the rights set out above, please contact our group information security and data protection officer at [email protected], and see further below the section on complaints.
10. Access to and control of your personal information
Please let us know as soon as possible if any of your personal information changes (including your correspondence details). Failure to provide accurate information or to update information when it changes may have a detrimental impact upon our ability to provide services to you.
11. Questions and contact information
If you have any questions in relation to this notice please contact our group information security and technology officer by emailing [email protected].
12. Changes to this policy
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure you are happy with any changes. We last updated this policy in September 2021.