Privacy Policy

1. Introduction

Veles Solutions ("Veles," "we," "us," or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our risk management software and services designed for brokerage companies.

As a B2B software provider serving the financial services industry, we recognize the critical importance of data protection in maintaining trust and regulatory compliance. We voluntarily adhere to the principles of the General Data Protection Regulation (GDPR) and other international data protection standards, regardless of our clients' jurisdictions.

2. Data Protection Principles

We adhere to the following data protection principles:

• Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner.
• Purpose limitation: We collect data for specified, explicit, and legitimate purposes only.
• Data minimization: We process only the data necessary for the specified purposes.
• Accuracy: We ensure that personal data is accurate and kept up to date.
• Storage limitation: We retain personal data only for as long as necessary.
• Integrity and confidentiality: We implement appropriate security measures to protect personal data.
• Accountability: We are responsible for demonstrating compliance with these principles.

3. Types of Data We Process

3.1 Client Account Data

• Company information (name, registration number, jurisdiction)
• Contact details (business addresses, phone numbers, email addresses)
• Authorized user accounts and access credentials
• Business relationship information

3.2 Trading and Risk Data

• Trading account information and transaction histories
• Risk metrics and analytics data
• Market exposure and position data
• Compliance and regulatory reporting data

3.3 Technical Data

• IP addresses and device identifiers
• Browser types and versions
• System logs and usage patterns
• API access logs and integration data

3.4 Communication Data

• Support ticket contents and correspondence
• Training and onboarding communications
• Feedback and survey responses

4. Lawful Bases for Processing

We process personal data based on the following legal grounds:

4.1 Contract Performance

Processing necessary to fulfill our contractual obligations to provide risk management software and related services.

4.2 Legitimate Interests

Processing necessary for our legitimate business interests, including:

• Improving our products and services
• Ensuring platform security and preventing fraud
• Conducting business analytics and research
• Direct marketing to existing clients about similar services

4.3 Legal Obligations

Processing necessary to comply with legal obligations, including anti-money laundering (AML) requirements and regulatory reporting.

4.4 Consent

Where we rely on consent, we ensure it is freely given, specific, informed, and unambiguous.

5. How We Use Your Data

• Service Delivery: To provide and maintain our risk management platform
• Account Management: To manage client accounts and user access
• Risk Analysis: To perform risk calculations and generate analytics
• Customer Support: To respond to inquiries and provide technical assistance
• Platform Improvement: To enhance features and develop new functionalities
• Security: To protect against unauthorized access and ensure data integrity
• Compliance: To meet regulatory requirements and industry standards
• Communication: To send service updates, security alerts, and relevant information

6. Data Sharing and Disclosure

We may share data with:

6.1 Service Providers

• Cloud infrastructure providers (AWS, Google Cloud, Azure)
• Analytics and monitoring services
• Communication and support platforms
• Payment processors (for billing purposes)

6.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, data may be transferred to the acquiring entity.

6.3 Legal Requirements

We may disclose data when required by law, court order, or regulatory authorities.

Important: We never sell personal data to third parties for marketing purposes.

7. Data Security

We implement comprehensive security measures including:

7.1 Technical Measures

• End-to-end encryption for data in transit and at rest
• Multi-factor authentication for all user accounts
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Secure API endpoints with rate limiting

7.2 Organizational Measures

• Employee data protection training
• Access controls based on principle of least privilege
• Confidentiality agreements with all staff
• Incident response and breach notification procedures
• Regular security awareness programs

8. Data Retention

We retain data for different periods based on its nature and purpose:

• Active Account Data: Duration of the business relationship plus 6 years
• Trading Records: 7 years from transaction date (regulatory requirement)
• Technical Logs: 90 days for operational logs, 2 years for security logs
• Support Communications: 3 years from last interaction
• Marketing Data: Until consent is withdrawn or 3 years of inactivity

9. Your Rights

You have the following rights regarding your personal data:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data (subject to legal obligations)
• Restriction: Request limited processing of your data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to certain types of processing
• Automated Decision-Making: Not be subject to purely automated decisions

To exercise these rights, contact us at privacy@veles.solutions with proof of identity.

10. International Data Transfers

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by regulatory authorities
• Adequacy decisions where applicable
• Additional technical and organizational measures

11. Updates to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via:

• Email notification to primary account contacts
• In-platform notifications
• Prominent notice on our website

Continued use of our services after changes constitutes acceptance of the updated policy.

12. Specific Provisions for Brokerage Services

12.1 Client Trading Data

As a risk management platform for brokers, we process trading data solely for the purposes of risk analysis, compliance monitoring, and fraud detection. We do not use this data for proprietary trading or share it with competitors.

12.2 Regulatory Compliance

We maintain data processing practices that enable our clients to meet their regulatory obligations under MiFID II, ESMA guidelines, and other relevant financial regulations.

12.3 Data Segregation

Each client's data is logically segregated using robust access controls and encryption. Cross-client data access is strictly prohibited except for aggregated, anonymized analytics.