General Provisions and Scope

Exness (Pakistan) Ltd operates under the Data Protection Act 2018 and Pakistan’s data protection compliance frameworks. This privacy policy establishes guidelines for collecting, processing, and protecting personal information of clients. These regulations apply to all operations conducted through Exness platforms and services in Pakistan. The policy covers interactions through website access, communication channels, and trading activities. Implementation extends to all branches and representative offices within the Pakistan jurisdiction. The document supersedes previous privacy agreements and associated forms. Regular updates maintain compliance with evolving data protection standards. The policy underwent its latest revision in January 2021.

Core Definitions and Terms

Personal data encompasses identifiable information relating to living individuals using Exness services in Pakistan. Processing activities include collection, recording, storage, and transmission of personal data. Data subjects refer to clients, potential clients, and website visitors providing information. Controllers determine processing purposes, while processors handle data on behalf of controllers. Consent represents freely given, specific agreement for data processing. Special category data includes sensitive personal information requiring enhanced protection. Regulatory bodies oversee compliance with data protection requirements. Third-party processors operate under strict contractual obligations.

Data Categories Overview:

Operator Rights and Responsibilities

The company maintains responsibility for implementing appropriate security measures. Authorization procedures control access to personal information databases. Regular staff training ensures proper handling of sensitive data. Internal audits verify compliance with established procedures. Documentation of processing activities remains current and accessible. Breach notification protocols activate within mandated timeframes. Response procedures address data subject requests promptly. Technical infrastructure undergoes periodic security assessments to ensure data protection.

Data Subject Rights Framework

Individuals maintain rights to access their personal information holdings. Correction requests receive prompt attention and verification. Data portability enables transfer between service providers. Erasure requests undergo evaluation within regulatory constraints. Processing restrictions apply under specified conditions. Objection rights cover direct marketing activities. Automated decision-making requires explicit consent. Withdrawal of consent remains available without prejudice.

Protected Rights Include:

• Access to personal data copies
• Correction of inaccurate information
• Data portability requests
• Processing restrictions
• Marketing communications opt-out
• Automated processing objections

Data Processing Principles

Data collection serves specifically identified business purposes. Processing activities maintain proportionality with stated objectives. Accuracy requirements guide information maintenance procedures. Storage limitations align with regulatory retention periods. Security measures protect against unauthorized access. Transparency provides processing visibility to data subjects. Accountability demonstrates compliance with regulatory requirements. International transfers meet adequacy requirements under Pakistan’s data protection framework.

Lawful Processing Requirements

Processing occurs under contractual necessity for service provision. Legal obligations require specific data collection activities. Legitimate interests support certain processing operations. Consent provides additional processing authority where required. Special category data receives enhanced protection measures. Criminal record processing follows strict regulatory guidelines. Child data collection requires parental consent verification. Processing limitations apply to non-essential activities.

Processing Bases Framework:

Data Collection and Storage Protocols

Secure systems maintain personal information confidentiality. Encryption protects data during transmission and storage. Access controls restrict information availability to authorized personnel. Retention schedules determine storage duration requirements. Backup systems ensure data recovery capabilities. Disposal procedures protect confidentiality after retention periods. Documentation tracks processing activities comprehensively. Regular reviews assess storage security effectiveness.

Information Transfer Procedures

Third-party transfers require documented agreements and safeguards. International transfers meet adequacy requirements under Pakistan’s data protection regulations. Service providers undergo security assessment before engagement. Transfer documentation maintains detailed processing records. Recipient obligations include specified security measures. Monitoring ensures ongoing compliance with transfer requirements. Data sharing limitations protect confidential information. Transfer mechanisms receive regular review and updates to ensure security.

Data Protection Measures

Technical controls protect against unauthorized access attempts. Administrative procedures guide staff handling of information. Physical security measures protect storage locations. Incident response plans address potential breaches. Recovery procedures ensure business continuity. Staff training covers security requirements regularly. Assessment procedures evaluate protection effectiveness. Security updates maintain protective measures currently.

Concluding Policy Elements

Policy updates reflect regulatory and operational changes. Communication procedures notify affected parties of modifications. Implementation responsibility rests with designated personnel. Compliance monitoring ensures ongoing effectiveness. Dispute resolution procedures address privacy concerns. Contact information remains available for inquiries. Documentation requirements support compliance demonstration. Review schedules maintain policy currency and relevance.

FAQ Section

Q: What personal information does Exness collect?
A: Exness collects contact data (e.g., name, address, phone), financial data (e.g., account details), identity data (e.g., ID documents), technical data (e.g., IP address), and trading data (e.g., transaction history).

Q: How does Exness protect my personal information?
A: Exness employs encryption, access controls, secure storage systems, and regular security assessments to protect client data.

Q: Can I request the deletion of my personal data?
A: Yes, you can request data deletion, but it may be subject to regulatory and legal constraints.

Q: How are international data transfers handled?
A: International data transfers follow Pakistan’s data protection requirements and meet adequacy standards for secure processing.

Q: How will I be notified about changes to the privacy policy?
A: Exness will communicate policy updates through email and the client portal.