All personal and financial data is encrypted in transmission using SSL/TLS protocols with 256-bit keys — the same standard applied by major financial institutions. Data is stored on secure servers in geographically distributed data centres with physical security, biometric access control and continuous video surveillance. Logical access to personal data is strictly limited to authorised personnel whose roles require it — all access is logged and regularly audited.
Independent cybersecurity experts conduct regular penetration testing. Security updates are implemented immediately upon release. All staff with data access sign confidentiality agreements and receive ongoing training in data protection practices. Modern firewall and intrusion detection systems provide continuous infrastructure-level monitoring.
You hold the right to access a complete copy of all data held about you, to correct inaccurate information, to request erasure where legally permissible, to restrict processing in defined circumstances, to receive your data in portable machine-readable format and to object to direct marketing at any time. To exercise any of these rights contact our Data Protection Department at [email protected] — requests receive acknowledgement within 72 hours and full processing within 30 days.
Personal data is retained only for as long as necessary to fulfil the purposes described in this Policy, comply with legal obligations and resolve outstanding disputes. Upon account closure and expiry of all applicable legal retention periods, personal data is securely deleted or anonymised. Data is never sold to third parties and is shared with external partners only where strictly necessary for service delivery under binding confidentiality agreements.
