Valid as of 08.10.2018

At Admiral Markets AS (hereinafter as AM), we fully understand how important it is to protect and respect our Clients’ personal information. This document sets out our commitment in respect to the information that we collect about our Clients and what we do with that information. The given policy contains an overview of the following:

  1. Terms and Definitions
  2. General Principles
  3. Legal basis for processing Client Data
  4. Categories of Client data
  5. Forwarding of Client data
  6. Forwarding of Client data outside the EEA area
  7. Automated decisions and profile analysis
  8. Client Data Retention
  9. Rights of the Client
  10. Protection of Client’s Rights

Before using any services offered by AM and submitting any personal data, the Client should familirize itself and agree with the principles and conditions set forth in this policy. A person acknowledges the given terms voluntarily by ticking a corresponding checkbox on the initial Trader’s Room registration form for receiving investment services.


1.1 Client - means any natural or legal person who has expressed a desire to use, who is using or who has used AM’s provided investment services until termination of Client relationship.

1.2 Client Data - any sort of information, including personal data known by AM regarding the Client. With legal entity Clients, AM processes legal entity’s representative’s, beneficiaries and other related persons personal data to the extent required by law. The various categories of Client data are specified in section 4 of this document.

1.3 Processing of Client Data - means any action that is performed with the Client data, including personal data that is gathered, recorded, structured, safekept, changed, forwarded, deleted, archived, etc.

1.4 Data Controller – AM as an investment firm providing the Client investment service acts as a Data Controller with Client’s data.

1.5 Authorised Data Processor and/or other Third party - AM may also use authorised external third party processors for Client data processing, based on concluded service agreements, which are governed by instructions from AM for the protection of Client related data. Third Party is any person who is not the Client nor AM.


2.1 Processing of Client Data at AM takes place in accordance with requirements set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), the Personal Data Protection Act, other relevant legal acts and the requirements set forth in these Principles.

2.2 AM shall use authorised processors for Processing of Client Data. AM shall in this regard ensure that such data processors process Client Data only in accordance with instructions from AM and in conformity with the requirements for data protection.

2.3 AM is entitled to unilaterally amend the given policy at any time by notifying the Clients not later than 14 days prior of any significant amendments via the AM’s website, email or through the Trader`s Room. In issues not regulated by this policy, General Terms and Conditions shall apply.


3.1 AM processes Client related data, including personal data, on the following basis:

  • the Client has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of the Client agreement to which the Client is a party or in order to take steps at the request of the data subject prior to entering into a Client agreement;
  • processing is necessary for compliance with a legal obligation to which AM is subject to;
  • processing is necessary for the purposes of the legitimate interests pursued by AM or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Client which require protection of personal data.

3.2 AM’s legitimate interests are expressed in furtherance of its own operating activity in offering Clients better services and products, developing its own products, ensuring data and information security and performance of general legal obligations set forth in legal acts.

3.3 On the basis of consent for Processing Client Data, AM shall ask for consent, e.g., on relevant applications and requests, and will enable the Client to provide its consent voluntarily.


4.1 AM has the right and the duty by virtue of its area of activity to check the accuracy of the Client data contained in the databases by periodically asking the Client to review and/or correct or confirm the accuracy of the Client data pertaining to the Client. AM does not collect sensitive information about the Client.

4.2 AM gathers Client Data mainly from the Client (e.g. applications and requests, in the course of Client interaction) and in the course of use of the services by the Client (e.g. execution of payments and transfers, forwarding of securities orders, performance of contracts etc).

4.3 AM also obtains and verifies Client Data from Third Parties, such as:

  • public and private registers (e.g. Population Register, Business registries, Credit information registries and other authorised processors). AM uses data obtained from registries and authorised processors for verifying and updating Client Data;
  • correspondent banks, foreign brokers and other business partners if the Client has provided consent to our business partner for this purpose or the sending of data is permitted by legal acts. AM uses these data mainly for enabling provision of service to Clients (e.g. foreign payments and investment services).

4.4 The following is a list of the types of Client Data, the main purposes for which AM processes Client Data and the legal grounds for Processing:

Client Data Purpose for processing Legal ground for processing
1.Personal Data(e.g. name, personal identification code, date of birth, data on the identity document)

Identification of Client

Legal obligation stemming from the Money Laundering and Terrorism Financing Prevention Act

2. Contact details(e.g. telephone, email, address, language of contact)

Client interaction


Performing Client Agreement with the Client

Consent/legitimate interest for marketing

3. Data on tax residency (e.g. country of location, taxpayer identification number, citizenship)

Gathering and reporting tax-related information

Legal obligation arising from Tax Information Exchange Act

4. Data on area of activity (e.g. profession, education, data on employer)

Evaluating the Client’s creditworthiness for payments on the trading account

Legal obligation arising from the Money Laundering and Terrorism Financing Prevention Act

5. Financial data (e.g. income, obligations, liquid assets, planned amount of first deposit)

Evaluating the Client’s creditworthiness for payments on the trading account

Legal obligation arising from the Money Laundering and Terrorism Financing Prevention Act

6. Data on the Client’s trustworthiness and origin of assets and wealth (e.g. data on payment history, data on connections to money laundering, terrorism financing or organised crime, data on employer, transaction partners, beneficial ownership, income sources, data on business activity, related persons, whether the Client is a politically exposed person)

Compliance with due diligence requirements

Legal obligation arising from the Money Laundering and Terrorism Financing Prevention Act

7. Data on the Client’s expertise (e.g. the Client’s investment knowledge and experiences, educational attainment, profession, investment goal)

Evaluating the appropriateness and suitability of product, service and securities offered to the Client and assessing the Client’s expertise

Legal obligation arising from the Securities Market Act

8. Data related to securities (e.g. securities transactions and transaction orders, quantity of securities, transaction volumes, transaction value, LEI code)

Transaction reporting and monitoring with regard to characteristics of market abuse and reporting of suspicious transactions

Legal obligation arising from Regulation no. 596/2014 of the European Parliament and of the Council (market abuse regulation)

9. Communication Data (e.g such as visual when the Client visits any AM office, including communication held via electronical means

Compliance with due diligence requirements

Security risk management

Legal obligation arising from the Securities Market Act

Legitimate interest for security risk management in order to maintain a safe and secure working environment.

10. Data on the Client’s habits, preferences and satisfaction (e.g. Client status, data on use of Services, Client’s queries and complaints, survey’s feedback)

Development of products and services

Legitimate interest for developing new products and services and improving existing products (e.g. correcting errors, developing greater ease of use for more actively used services)

11. Data on the Client’s segment (e.g. demographic)

Direct marketing, organising campaigns, webinars and seminars.

Legitimate interest for promoting commercial and educational activity, making offers suitable for Clients

12. Data obtained in the course of performing obligations arising from legislation (e.g. data arising from inquiries made by investigative bodies, notaries, tax authority, courts, inquiries made by court bailiffs)

Cooperation with supervisory authorities and other public sector institutions, implementation of required measures, such as impounding accounts

Compliance with legal obligations arising from various acts, such as Money Laundering and Terrorism Financing Prevention Act etc.

13. Data related to participation in consumer games and campaigns e.g. data on prizes won in investment games and otherconsumer games and points collected in campaigns)

Compliance with campaign terms (e.g. payouts of amounts won)

Direct marketing (e.g. sending an invitation to participants, reminders etc).

Performing contract concluded with the Client

Legitimate interest in marketing the same or similar service

14. Data on Client’s family and/or associated persons (such as information about the Client’s family, heirs and other related person’s (used only in cases if a Client is related to a politically exposed person or the Client has passed away). Also, whether the Client is a politically exposed person.

Compliance with due diligence requirements

Legal obligation arising from the Law of Succession Act

Legal obligation arising from the Money Laundering and Terrorism Financing Prevention Act

15. Data on Website sections visited by the Client

Risk management, monitoring and investigating to counter fraud (e.g. payment fraud)

Legitimate interest for security risk management, to counter fraud and resolve disputes in court or extrajudicially

4.5 Regards direct marketing (such as company news, information about campaigns and other similar updates to enhance Client knowledge related to the financial markets, etc.), the Client has the right to choose whether or not to receive marketing related emailsto their submitted email address. Such a preference can also be changed at any time through the Trader`s Room, under the ‘Subscriptions’ panel. It’s also possible to unsubscribe from these marketing emails by clicking the link within the received e-mail.


5.1 AM has the right to forward Customer Data to the following Third Parties:

  • Law enforcement authorities, such as bailiffs, notary offices, tax authorities, supervision authorities and financial intelligence units upon request. AM can also contact relevant authorities in case the Client is in breach of the Client agreement.
  • Other Admiral Markets companies, if needed for the provision of services, trading platform administration or customer or technical support experience.
  • Institutions providing financial services, for example banks, payment systems, institutions participating in the trade or payment execution, settlement and reporting cycle (for example regulated markets as execution venues, multilateral trading facilities, organised trading facilities, trade repositories, local and foreign brokers).
  • Auditors, legal and financial consultants, or any other processor authorised by Admiral Markets for.
  • Third parties maintaining registers (such as to credit registers, population registers, commercial registers, securities registers or other registers holding or intermediating Client data).
  • Other persons related to the provision of services of Admiral Markets, such as service providers used for archiving data and postal services.
  • AM may share Client data in the event of a merge, sale, restructure, acquisition, joint venture, assignment, transfer or other disposition of all or any portion of AM’s business, assets or stock (including in connection with any bankruptcy or similar proceedings).


6.1 Generally, Client data is not sent outside the European Economic Area (EEA). If there should occur a need to do so, then before the data send out, AM must check whether the country has sufficient level of data protection (assessment by European Commission) and must extensively analysis of the Third Party’s suitability to ensure secure data transmission.

6.2 In the absence of appropriate protection measures, AMis entitled to forward Client Data outside the European Economic Area in situations where forwarding the data is, for example, necessary for performing an agreement between the Client and AM or for implementing measures adopted on the basis of Client’s application anf request (for example making foreign payments). AM cannot ensure that another financial institution or other service provider processing Client Data in such countries would have the same data protection obligations are at the same level as in the European Economic Area or other country with sufficient level of data protection.


7.1 If AM has made a decision about a Client based solely on an automated process (e.g. through automatic profiling) that affects the Client’s ability to use the offered services or has another significant effect on the Client, the Client may ask to not be made subject to such a decision unless AM can demonstrate to the Client that such a decision is necessary for entering into, or the performance of, a contract between itself and the Client. Even where a decision is necessary for entering into or performing any obligations arising from the Client relationship, the Client may contest the decision and request human intervention. Automatic decisions made by the data processing system, without participation of the Client, shall be permitted only on the conditions and pursuant to procedures specified by law. Currently, AM does not use automatic decision making processes in it’s business practices.

7.2 Client data is manually used for profile analysis. AM uses profile analysis for the purpose of marketing, risk assessment for compliance with the requirements of prevention of money laundering and terrorism financing amdtransaction monitoring to counter fraud. Such data processing takes place on the basis of legitimate interest of AM (including marketing purposes) and as well as fulfilling it’s legal obligations.


8.1 AM shall not process Client Data for longer than necessary for performing the objectives of the Processing, including for complying with the duty, set forth in legal acts, to retain data and for resolving disputes arising from agreement(s) entered into with the Client or for resolving potential disputes. AM shall preserve Client data, who has entered into a Client agreement for receiving the investment services, for at least five years following the termination of the Client relationship, unless other terms for the preservation of data or documents are prescribed by law.

8.2 In general, AM shall retain Client’s Personal Data until the end of the statute of limitations.


9.1 AM respects Clients’ rights to access and control their personal data. AM will respond to requests concerning personal data processing and, when applicable, give access to, correct or delete personal data. Client’s have access to review their submitted data in Trader’s Room. The Clients have the right to:

  • receive information on whether AM is processing their Personal Data and if so, the right to receive information what kind of data is being processed (also visible in Trader’s Room) and how long the data is retained;
  • demand corrections to their Personal Data if the changes have been made to the data or the data are otherwise inaccurate (also visible in Trader’s Room);
  • prohibit the use of their contact data for receiving newsletters and offers via e-mail or phone number for marketing purposes. The Client can change its preferences for receiving such notifications in the Trader`s Room, when choosing ‘Subscriptions’. From newsletters and offers, the Client can unsubscribe also directly from the received e-mail;
  • demand cessation of Processing their Personal Data if the Processing occurs unlawfully meaning that AM lacks the legal basis for processing such data. AH has no right to process the Client Data unless AM’s interests outweigh the potential restriction of the Client’s rights (e.g. performance of general legal obligations);
  • demand deletion of their Personal Data if AM lacks the right to process such data or processes the data on the basis of the Client’s consent and the Client withdraws the consent. The deletion cannot be requested in an extent to which AM has the right or obligation to process Personal Data (e.g. for complying with a legal obligations, performing a contract, exercising its legitimate interest). The request to delete an individual’s personal data will result in the closure of their account(s), removal of their data from active processing and a termination of the Client relationship. However, AM is required to maintain the Clients personal data to comply with its legal and regulatory requirements, as well as in accordance with internal compliance requirements in relation to the maintenance of records;
  • receive a copy of its personal data that the Client has submitted to AM and which are being processed on the basis of consent or for performance of Client agreement, in a universal electronically readable format, and if technically possible, forward the data to another service provider. In case of the forwarding of data to a third party, clear written instructions from the Client must be received and verified. The Client must acknowledge that data portability can only be executed with data that has been gathered for the conclusion of Client agreement or has been gathered based on the consent given by the Client.

9.2 the Client may exercise its rights by contacting AM via the details specified in clause 10.1. AM shall respond to the demand without undue delay, and no later than one month of receiving the demand. If, prior to responding to the demand, it is necessary to ascertain circumstances, ask for additional details or perform checks, AM may extend the deadline for responding by notifying the Client about it.

9.3 The Client has the right go to court or to escalate their complaint about data processing to the data protection regulator in their jurisdiction for the protection of rights, unless the applicable laws prescribe a different procedure for handling such claim. In addition, the Customer has the right to contact the Data Protection Inspectorate (website: or a court in their jurisdiction in the event of violation of their rights.


10.1 Clients may contact AM in connection with queries for exercising their rights or asking other relevant questions regards data processing. The general contact details of AM are available on AM website:, selecting the ‘Contact Us’ page. If you would like to raise a question or send a query about data processing, please contact Admiral Markets’ appointed Data Protection Officer by clearly marking“FAO: Data Protection Officer”.’’

Post: Maakri 19/21, 10114 Tallinn, Estonia