The careful handling of your personal data is our highest priority. We value your trust and assure you that we handle your personal data very carefully.
LYNX Professional Services (LYNX) ensures that personal data is collected, processed and used solely for the purpose specified.
Consents for e.g. the use of e-mail addresses and telephone numbers can of course be revoked at any time with effect for the future.
- Who is the data controller?
LYNX is responsible for the processing of personal data. This privacy statement applies to all processing operations that LYNX performs with regard to personal data of customers, interested parties and other visitors to the website www.lynxprof.com.
1017 BV Amsterdam
Contact details of the Data Protection Officer:
1017 BV Amsterdam
2. Which sources and data do we use?
We process personal data that we receive from our customers or other affected persons as part of our business relationship. In addition, we process – insofar as necessary for the provision of our services – personal data that we legitimately gain from publicly available sources (e.g. the internet) or which we obtain from other third parties.
Relevant personal data are particulars (name, address and other contact details, date and place of birth and nationality), legitimacy data (e.g. identity card data) and authentication data (e.g. signature sample). In addition, this may include order data (e.g. deposit order, securities order), data from the fulfillment of our contractual obligations (e.g. turnover data from the transactions), information about your financial position (e.g. creditworthiness data, origin of assets), advertising and sales data (including advertising scores), documentation data (e.g. recording of telephone conversations) as well as other data comparable to the mentioned categories.
3. What is the purpose of processing data and on what legal grounds do we process your personal data?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR):1
a. For the performance of contractual obligations (Article 6 (1) b GDPR)
The processing of data is carried out to provide and mediate financial services, as part of the execution of our contracts with our customers or to carry out pre-contractual actions, which are carried out on request. The purposes of data processing are primarily based on the specific agreement. Further details on the data processing purposes can be found in the relevant contract documents and terms and conditions.
b. For legitimate interests (Article 6 (1) f GDPR)
If necessary, we process your data beyond the actual performance of the contract for the protection of legitimate interests of us or third parties.
• Data exchange with databases (e.g. Tolerant) for the identification of politically exposed persons and potential customers, which can be found on sanction lists,
• review and optimization of requirements analysis procedures for direct customer approach,
• advertising or market and opinion research, as long as you have not objected to the use of your data,
• asserting legal claims and defense in legal disputes,
• ensuring the IT security and IT operations of the company,
• prevention and investigation of criminal offenses,
• measures for the business control and further development of services and products,
• risk management in the company,
• creditors or insolvency administrators requesting foreclosures
c. With your consent (Article 6 (1) a GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (e.g. use of e-mail address for advertising measures and the sending of newsletters), the legality of this processing is based on your consent.
A given consent can be revoked at any time. This also applies to the revocation of declarations of consent, which were issued to us before the validity of the GDPR, i.e. before 25.05.2018. The revocation of consent does not affect the legality of the data processed until the revocation.
d. Due to legal requirements (Article 6 (1) c GDPR) or in the public interest (Article 6 (1) e GDPR)
In addition, as an investment service provider, we are subject to various legal obligations, i.e. legal requirements as well as supervisory requirements. The purposes of the processing include identity and age checks, prevention of fraud and money laundering, the fulfillment of reporting obligations as well as the evaluation and management of risks within the company.
4. Collection and use of your personal data
Information that we receive from you helps us to customize our service and to constantly improve it. We use this information for the processing of your orders. We also use your information to communicate with you about orders, products, services, and marketing opportunities (see communications below by e-mail), as well as to update our records and maintain your customer accounts with us and to recommend services that might interest you. We also use your information to improve our product offering and our platform, to prevent or detect misuse of our website or to enable third parties to carry out technical, logistical or other services on our behalf.
We collect the following information:
- Information you provide us: We collect and store any information that you submit to our website or transmit to us in any other way. You give us information when you are looking for something, consulting a course, taking securities into your (sample) depot, taking part in a raffle, completing a questionnaire or communicating with our customer service. For example, when you search for a product, place an order, or provide information in your personal information; if you communicate with us by phone, e-mail or otherwise; if you complete a questionnaire, and use other service offerings that personally inform you of certain offers. Information you provide us here may be your name, address, telephone number, account information, (sample) securities account holdings and watchlist contents. You may choose not to provide us with certain information, but this may result in you being unable to use many of our services/features.
- Automated information: As soon as you contact us or visit our website, we store certain information. Among other things, we use – like many other websites – so-called “cookies” and receive information as soon as your web browser opens the LYNX website. Examples of information we collect and analyze include, in abbreviated form, the Internet Protocol (IP) address that connects your computer to the internet, e-mail receipt and read receipt, logins, e-mail addresses, computer information and internet connection such as: Browser type and version, operating system and platform as well as the complete Uniform Resource Locators (URL) clickstream to, through and from our website, that means the order of the pages of our internet site that you visit, including date and time, cookie number, and the products that you viewed or searched for.
- E-mail communication: In order to make our e-mails more useful and interesting for you, we often receive a confirmation as to which e-mails from LYNX you open as far as your computer supports this function. If you basically do not want to receive e-mails from us, please let us know via email@example.com.
- Information from other sources: Occasionally, we may also use information about you from other sources and add it to our information about your customer account. Examples of information we receive from other sources include updated information about suppliers’ inventory addresses that we use to update our database to ensure your next activity statement or other important documents and to ensure that we are with you to be able to communicate. Other examples include information about your potential status as a politically exposed person or the emergence of a sanction list that we use to detect misuse, particularly fraud, and offer you certain financial services and payment methods.
5. Whom do we share your data with?
Within LYNX, those departments gain access to your data, which need it to fulfill our contractual and legal obligations. Our service providers and vicarious agents may also receive data for these purposes if they maintain business confidentiality. These are companies in the categories IT services, logistics, printing services, telecommunications and consulting as well as sales and marketing.
With regard to the transfer of data to recipients outside of our company, it should first be noted that as an investment service provider we commit ourselves to secrecy about all customer-related facts and valuations from which we become aware. In principle, we may only disclose information about you if statutory provisions require it, if you have given your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be:
• Public bodies and institutions (e.g. Federal Financial Supervisory Authority, tax authorities, law enforcement authorities) in the case of a legal or regulatory obligation
Other data recipients may be those for whom you have given us your consent to submit the data or to whom we may delegate personal information due to legitimate interests.
The services provided by LYNX include, among other things, establishing an agreement between you as a client and Interactive Brokers UK. With this purpose, LYNX collects personal data from you that LYNX transfers to Interactive Brokers UK for the purpose of concluding the contract (opening an account). LYNX has no influence on how Interactive Brokers UK handles your data. We refer you to the Interactive Brokers Group Privacy Notice for a further description.
6. Is your personal data being transmitted to non-EU countries or international organizations?
A transfer of data to countries outside the European Union takes place, as far as
- it is required to execute your orders (e.g. payment and transaction orders),
• it is required by law (e.g. tax reporting obligations) or
• You have given us your consent.
Furthermore, a transfer of data to authorities in third countries is provided in the following cases:
• If this is required in individual cases, your personal information may be transferred to an IT service provider in the US or another third country to ensure the IT operations of the company in compliance with the European data protection level
• With the consent of the person concerned or due to legal provisions on the fight against money laundering, terrorist financing and in other cases, personal data (e.g. legitimacy data) are transmitted in compliance with the level of data protection of the European Union in other criminal acts as well as in the context of a legitimate interests.
Cookies are textual information (ASCII text) stored on your hard drive via your browser (e.g. Microsoft Explorer or Mozilla Firefox). If you visit the website again, which has passed the cookie to your browser, you will be recognized here and individually addressed.
8. How long is your personal data being stored for?
We process and store your personal data as long as it is necessary for the performance of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is designed for years.
If the data is no longer required for the performance of contractual or legal obligations, these are regularly deleted, unless their – temporary – further processing is necessary for the following purposes:
- Fulfillment of commercial and tax-related retention requirements. The deadlines for storage and documentation is in most cases 5 years.
- Preservation of evidence within the statutory limitation period.
9. Which rights do you have as a data subject?
Each data subject has the right of access under Article 15 of the GDPR, the right of rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR.
There is a right of appeal to a competent data protection supervisory authority. You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the validity of the General Data Protection Regulation, i.e. before 25.05.2018. Please note that the revocation only works for the future. Processing that took place before the revocation is not affected.
10. Do you have an obligation to provide data to us?
As part of our business relationship, you must provide the personal information that is required to collect, perform, and terminate a business relationship and to perform the associated contractual obligations or that we are required to collect by law. Without this information we will generally be unable to conclude or execute the contract with you.
In particular, according to the money laundering regulations, we are obliged to identify you prior to the establishment of the business relationship on the basis of your identity document and to record the name, place of birth, date of birth, nationality, address and identity card details. In order for us to be able to fulfill this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and immediately notify us of any changes during the business relationship.
If you do not provide us with the necessary information and documents, we may not take up or continue your desired business relationship.
11. Does any automated decision-making take place?
In principle, we do not use fully automated automatic decision-making pursuant to Article 22 GDPR to justify and implement the business relationship. If we use these procedures in individual cases, we will inform you about this separately, provided that this is prescribed by law.
12. Is there any Profiling?
We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:
- Due to legal and regulatory requirements, we are committed to combating money laundering, the financing of terrorism and property-related offenses. At the same time, data evaluations are carried out. These measures also serve your protection.
- In order to provide you with targeted information and advice on products, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
13. Complaint to the Data Protection Authority
You have the right to submit a complaint to the competent Data Protection Authority. This can be done via:
14. Right to object, Art. 21 GDPR
a. Case-specific right of objection
You have the right for reasons that derive from your special situation, to object at any time against the processing of your personal data resulting from Article 6 (1) (f) of the GDPR (data processing based on legitimate interests); this also applies to profiling based on this provision in senses of Art. 4 No. 4 DS-GVO, which we use for advertising purposes. If you object, we will not further process your personal data unless we can do so for legitimate reasons which predominate your rights and freedoms predominate or the processing serves the assertion, exercise or defense of legal claims.
b. Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to operate direct mail. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be free of form and should be directed as far as possible to:
Data Protection Officer
1017 BV Amsterdam