নিরাপত্তা ও গোপনীয়তা
Version:
R25|01
Last updated:
April 29, 2025
1. Introduction
1.1. Deriv Group is committed to protecting the privacy and security of your Personal Data in compliance with all data protection laws.
1.2. This security and privacy policy (“Privacy Notice”) sets out the data we collect from you as our client. It also describes how we collect, use, and share your Personal Data, how long we keep it, the choices and obligations you have with respect to your Personal Data, the way we use cookies, as well as other relevant information about your data in accordance with applicable data protection laws.
1.3. Depending on the entity that you have contracted with, the Data Controller for purposes of Processing your Personal Data shall be one of the following:
1.3.1. Deriv (FX) Ltd, a company registered under the laws of Malaysia on 18 January 2017 under Company Registration No. LL13394, with its registered address at Unit 3A-16, Level 3A, Labuan Times Square, Jalan Merdeka, 87000, Federal Territory of Labuan, Malaysia
1.3.2. Deriv (BVI) Ltd, a company registered under the laws of the British Virgin Islands on 15 September 2014 under Company Registration No. 1841206, with its registered address at Kingston Chambers, PO Box 173, Road Town, Tortola, VG1110, British Virgin Islands
1.3.3. Deriv (V) Ltd, a company registered under the laws of the Republic of Vanuatu on 17 February 2016 under Company Registration No. 014556, with its registered address at Govant Building, BP 1276, Kumul Highway, Port Vila, Republic of Vanuatu
1.3.4. Deriv (SVG) LLC, a company registered under the laws of Saint Vincent and the Grenadines on 12 February 2020 under Company Registration No. 273 LLC 2020 with its registered address at First Floor, SVG Teachers Credit Union Uptown Building, Corner of James and Middle Street Kingstown P.O., St Vincent and the Grenadines
1.3.5. Deriv (Mauritius) Ltd, a company registered under the laws of Mauritius on 11 June 2024 under Company Registration No. 209524 with its registered address at The Cyberati Lounge, c/o Credentia International Management Ltd, Ground Floor, The Catalyst, Silicon Avenue, 40 Cybercity, 72201 Ebène, Republic of Mauritius
2. Application
2.1. This Privacy Notice is applicable to all Deriv clients. It is important that you read this Privacy Notice, together with any other privacy notices furnished on specific occasions when we are Processing Personal Data about you so that you are aware of how and why we are using your information. This Privacy Notice continues to apply even if your business relationship with us ends.
3. Definitions
3.1. Data Controller: The entity responsible for determining why and how Personal Data is Processed.
3.2. Deriv Group of Companies: Any company or entity that is directly or indirectly controlled or owned or under the common control or ownership of Deriv Group SEZC
3.3. Deriv Group SEZC: A company registered in the Cayman Islands under registration number 394139 with its registered address at Maples Corporate Services Limited, PO Box 309, Ugland House, South Church Street, George Town, Grand Cayman, KY1-1104
3.4. Personal Data: Information that identifies, or could reasonably be associated with an identifiable individual, and bears the meaning as defined in the applicable data protection legislation. This includes but is not limited to:
3.4.1. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of a person
3.4.2. Information relating to the education or the medical, financial, criminal, or employment history of a person
3.4.3. Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier, or other particular assignment to a person
3.4.4. The biometric information of a person
3.4.5. The personal opinions, views, or preferences of a person
3.4.6. Correspondence sent by a person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence
3.5. Processing: Any operation performed on Personal Data, whether or not by automated means, including collection, use, or recording. “Process” and “Processed” shall be construed accordingly.
3.6. Special Categories of Personal Data: Any data that reveals:
3.6.1. Racial or ethnic origin
3.6.2. Genetic data
3.6.3. Biometric data for the purpose of uniquely identifying a natural person
3.6.4. Data concerning a natural person’s health, sex life, and/or sexual orientation
4. Collection and use of information
4.1. When you open a Deriv account via our website, we require you to provide your Personal Data during the account sign-up process. This may include personal information like your name, address, email address, telephone number, and date of birth. In all instances, it is necessary for you to provide us with such personal information so that you can enter into a contract with us so we can provide our products and services to you and fulfil our legal obligations. If you do not provide us with the required information, we shall not be able to offer you our products and services.
4.2. We may Process the following Personal Data about you:
4.2.1. Personal identifiers, including name, address, and contact details
4.2.2. Biometric information such as audio, visual, and other sensory information such as photographic images or audio/video recordings
4.2.3. Device and online identifiers and related information, including email address and telephone number
4.2.4. Internet, application, and network activity, including cookie IDs and browser visits
4.2.5. Government identifiers, including national identification numbers, driver’s licence numbers, and passport numbers
4.2.6. Demographic information, including age and date of birth
4.2.7. Residential information, including rental/tenancy agreements, title deeds, and utility bills
4.2.8. Location information, such as geo-location information
4.2.9. Employment information, including occupation, title, and details of your remuneration
4.2.10. Financial information, including details of your bank accounts
4.2.11. Source of wealth information
4.2.12. Market research information, namely, opinions expressed when participating in market research
4.2.13. Other data that relates to your professional activities
4.3. We may collect this information in a variety of ways, namely:
4.3.1. When you interact with us and provide information directly to us
4.3.2. From another company within the Deriv Group of Companies
4.3.3. From external third parties for identification and address verification
4.3.4. From publicly available sources
4.4. We only use your Personal Data where we have your consent or a lawful reason for using it. These reasons include:
4.4.1. Processing your Personal Data to comply with a legal obligation, including licensing requirements, anti-fraud requirements, and anti-money laundering laws
4.4.2. Processing your Personal Data to enter into or carry out an agreement we have with you
4.4.3. Pursuing our legitimate business interests
4.4.4. Establishing, exercising, or defending our legal rights
4.5. We use your information for the following purposes:
4.5.1. Processing your account registration and helping you manage your account
4.5.2. Processing your trades and transactions
4.5.3. Verifying that you are the legitimate account owner and proper recipient of withdrawal payments
4.5.4. Assisting you with any queries about our products and services
4.5.5. Providing you with advertising communications and notifications about your account and our products and services
4.5.6. Investigating and resolving any complaint or dispute that you may have in relation to our products and services
4.5.7. Crime prevention and detection
4.5.8. Risk management
4.5.9. Protecting our legal rights
4.5.10. Analysing user trends to gain a deeper understanding of your needs and preferences with the aim of enhancing our products and services to provide you with a more tailored experience.
4.6. We reserve the right to ask you for further information whenever needed. For example, we may ask you to send us additional acceptable documents to confirm the authenticity of your account details or any withdrawal request.
4.7. You agree that when you use the live chat feature on our website and applications, all personal information that you enter in the chat channel, including but not limited to your first name and email address, is Processed by us and stored in our databases.
4.8. You may update your Personal Data at any time by logging in to the Settings section of your account. It is your responsibility to make sure that we are immediately informed of any changes in your Personal Data so that we can update our records accordingly. You should note that if you provide us with inaccurate information or if you fail to notify us of any changes to the information you have given us, this may affect the quality or availability of our products and services to you.
5. Profiling and categorisation
5.1. We reserve the right to use the data that we collect and assess to profile you in relation to our products. We do this manually with the assistance of automated Processing. In this way, we shall be able to provide you with the most appropriate products and services.
5.2. We may also use automated systems to help us make risk assessment decisions, such as when we conduct fraud and money laundering checks. While we may use technology to assist us in identifying levels of risk, all decisions that may adversely impact you will always include manual intervention to ensure that decision-making is not based solely on automated Processing.
6. Transfer of data
6.1. We may transfer relevant Personal Data to any company within the Deriv Group of Companies or to third parties outside of the Deriv Group of Companies, such as our business partners or payment providers, which may be based in countries that might not offer an equivalent level of protection of Personal Data to that applicable to the Data Controller.
6.2. Your Personal Data is shared with a third party only for one or more of the following purposes:
6.2.1. To fulfil a contract with you for the provision of our products and services, including content delivery services, customer relationship management services, and communication and marketing services
6.2.2. To comply with a legal obligation
6.2.3. To detect and prevent fraud, tax evasion, and financial crime
6.2.4. To pursue a legitimate business interest
6.2.5. To assert or defend a legal right and/or interest
6.3. In all instances, we take reasonable steps to ensure that your Personal Data is treated securely in line with this Privacy Notice and in compliance with any applicable data protection laws to ensure that the transfer is lawful and the transferred Personal Data has an appropriate level of protection. These steps may include placing contractual obligations on third parties or ensuring that third parties with whom the Personal Data is to be shared to bind them to legal requirements that are equivalent to those imposed by applicable data protection laws or ensuring that third parties receiving your Personal Data are certified under an approved certification mechanism.
7. Data retention
7.1. We keep your information for the whole duration of your business relationship with us. When your account has been closed, your Personal Data will be kept only if required by law, where a legal hold has been placed over the information concerned or where you have provided us with your consent to retain your Personal Data for an extended period of time.
7.2. Data will be stored in a range of different places. In all instances where we retain your Personal Data, the same shall be retained in a secure location and in the appropriate format to meet its purpose, with authorised personnel being the only ones to have access to it. We shall also take care to ensure that the appropriate controls have been implemented to prevent the permanent loss of essential information as a result of malicious or unintentional destruction of information.
7.3. Upon expiry of the applicable retention period, your Personal Data shall be either anonymised, de-identified, or destroyed.
8. Your rights
8.1. You have a number of rights in relation to the information that we hold about you. These rights include:
8.1.1. The right of access to your Personal Data — You can request and receive a copy of all the Personal Data we hold about you.
8.1.2. The right of rectification — You can request the correction of any Personal Data that we hold about you if the information is inaccurate or incomplete.
8.1.3. The right to erasure — You can request that we erase your Personal Data, provided the Personal Data in question is no longer necessary in relation to the purpose for which it was collected or is not subject to legal hold or required to be retained in line with our regulatory compliance obligations.
8.1.4. The right to restriction and the right to object — You can restrict our Processing activities or object to the Processing of your Personal Data.
8.1.5. The right to data portability — You can receive a copy of your Personal Data in a structured, commonly used, and machine-readable format, and you can transmit that data to another person in your jurisdiction (where your Data Controller is situated) when technically feasible.
8.2. You can make any of the requests set out in 8.1. above by emailing our data protection officer directly at [email protected] or by using the contact details on our Contact us page.
8.3. If you are unhappy with how we handle your personal data, you can file a complaint with us at [email protected]. If you are not satisfied with the outcome of our internal complaints procedure, or if you consider that your complaint has not been handled correctly, you may lodge a complaint with the data protection authority in Malta or the United Arab Emirates.
9. Marketing
9.1. You have the right to opt out of receiving marketing materials from us. This can be done by revoking your consent at any point during the period that you hold an account with us, in which case, we shall not send any marketing materials to you.
9.2. You can opt out of receiving marketing communications in your account settings or unsubscribe from marketing emails by clicking the “Unsubscribe” link included in all our marketing communications.
9.2.1. If you choose to opt out or unsubscribe from our marketing communications, please note that you may still receive transactional or service-related emails. We will make every effort to minimise the frequency of these messages and ensure that they are necessary for the proper functioning of our products and services.
9.2.2. Please note that due to processing times, you may receive some marketing communications for a short period of time, even after you've requested to opt out or unsubscribe. Additionally, if a marketing communication is already in transit or being sent, you may still receive it.
If you are still receiving marketing communications from us after a reasonable time has passed, please don't hesitate to contact our customer support team.
10. Security statement
10.1. We make sure that your personal data and transactions are secure by taking the following measures:
10.1.1. Your password and login ID are unique, and passwords are hashed so that even our staff cannot read them. As such, we cannot retrieve your password if you cannot recall it. Instead, we will send you a link to set a new password yourself.
10.1.2. All credit card details are submitted directly to the Visa/Mastercard network using the latest SSL encryption technology in accordance with bank policies.
10.1.3. Access to your personal data is strictly prohibited for all Deriv staff, with the exception of key Deriv personnel only in circumstances where this is required for the proper performance of their duties.
10.1.4. Our information security policies are based on industry best practices in access control and business continuity.
10.1.5. On a best-effort basis, we try to verify your identity and implement measures to detect fraud to help protect you from unauthorised access to your account. We also monitor account activity for signs of unusual activity that might indicate fraud. We work with the collection and law-enforcement agencies in case of fraud issues.
10.1.6. It is your responsibility to maintain the security of your login details, any linked email address, and any personal computer or device on which your account is accessible (for example, by password protection and screen locking). We shall not be held responsible for any unauthorised use of your account when we are not at fault.
10.1.7. Whether you use a shared device or your own device in a public place, either offline or on public WiFi, doing so might put the information that you enter or receive in danger of being captured. To protect your data in such cases, it is solely your responsibility to take the following precautions and educate yourself on other security measures you can take:
10.1.7.1. Do not send or receive private information unless you are using a secure webpage (preferably, use a secure, encrypted Virtual Private Network (VPN)).
10.1.7.2. Make sure that you have effective and updated antivirus/antispyware software and firewall running before you use public WiFi.
10.1.7.3. Do not leave your device unattended.
10.1.7.4. Avoid financial transactions that might reveal valuable passwords or personal information, such as credit card numbers.
10.1.7.5. Use the browser tools to delete files and cookies and clear your browsing history.
10.1.7.6. Do not save your login credentials on a shared device.
10.1.7.7. Always log out of account-based websites at the end of the session.
10.1.7.8. You must notify us immediately if you become aware that your login details have been lost, stolen, or otherwise disclosed to third parties.
11. Cookies and related technologies
11.1. Cookies are small text files stored on computer drives and are widely used to improve website functionality and user experience. All recent versions of browsers give you a level of control over cookies. You can delete all cookies that are already on your computer, and the browser can be set to prevent them from being placed. However, choosing not to accept our cookies may affect the quality and usability of our products and services.
11.2. You should note that our website generates log files that record the IP addresses of accesses to your account, login attempts, and device information such as the manufacturer, model, operating system, and browser. We gather this information to help us investigate your account in the unlikely event that it is accessed by unauthorised users. Information supplied by certain cookies also helps us understand how visitors use our products and services so that we can improve them.
11.3. Our cookies are not considered dangerous and are not designed to access any other information on your computer.
11.4. We use the following types of cookies after having received your consent where this is required:
11.4.1. Strictly necessary cookies: These cookies are necessary for the operation of the website. They include, for example, cookies that enable you to navigate our website and log into your account.
11.4.2. Functionality cookies: These cookies are used to enhance the functionality of our website by allowing us to remember your preferences.
11.4.3. Third-party targeting cookies: These cookies are used to deliver adverts that are more relevant to you. They allow you a better experience when using other third-party websites that include social media sites in conjunction with our website. Cookies used for this purpose are placed on our website by third-party advertising networks on our behalf and with our permission.
11.5. In addition to cookies, we may also use other similar technologies on our websites, such as web beacons and pixels to help us customise our websites and improve your experience. Web beacons and pixels usually take the form of a small, transparent image that is embedded in the website or in an email. They are used to track the number of users who have visited particular pages and acquire other statistical data. They collect only a limited set of data, such as cookie number, time, and data of the page viewed, and a description of the page on which they reside.
11.6. To provide you with a better experience, some of our products and services may require permission to access your cloud storage services, such as Google Drive, to save or load Deriv Bot trading strategies. In such instances:
11.6.1. We do not store any data related to your cloud storage service on any servers. All files are downloaded on your local machines.
11.6.2. We do not share any data related to your cloud storage service with anyone.
11.6.3. We only access your cloud storage when your action initiates it. You can disconnect your cloud storage service at any time.
11.7. By accepting our use of cookies, you consent to the use of all types of cookies described in this policy. If you reject the use of cookies, only those that are necessary for the website’s functioning will be used, but this might have a negative effect on the provision of our products and services to you.
12. Links to other websites
12.1. Our website contains links to other websites and may contain banner or icon advertisements related to third-party websites. These websites and their advertisements may submit cookies to your web browser, which is beyond our control. We are not responsible for the privacy practices or the content of such websites. We encourage you to read the privacy policies of these websites because their practices may differ from ours.
12.2. We have integrated certain services from TradingView, Inc. Please note that TradingView’s privacy policy, available at https://www.tradingview.com/privacy-policy/ (or any successor URL), does not apply to Deriv’s implementation of TradingView’s services. We remain fully responsible for the protection and processing of your Personal Data within our platform and in accordance with this Privacy Notice.