1. Introduction and scope
This Privacy Policy explains how DuaFx Ltd. (“DuaFx”, “we”, “us” or “our”) collects, uses, discloses and safeguards personal data when you visit duafx.com, open or operate a trading account, use our proprietary trading platform, or otherwise interact with our services. It applies to prospective clients, account holders, partners, website visitors and job applicants alike.
We process personal data in accordance with applicable data protection regulations, including principles equivalent to those found in the EU General Data Protection Regulation (GDPR): lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality.
By using our website or services you acknowledge that you have read and understood this policy. Where consent is the legal basis for a specific processing activity, we will request that consent separately and you may withdraw it at any time.
2. Data we collect
Identity and contact data: full name, date of birth, nationality, residential address, email address, telephone number and government-issued identification documents collected during account opening and verification.
Financial and profile data: source of funds and source of wealth declarations, employment status, estimated net worth, trading experience questionnaire responses, deposit and withdrawal records, and the payment method details needed to process transfers. We do not store full card numbers on our own systems; card processing is handled by PCI DSS compliant payment providers.
Technical and usage data: IP address, device identifiers, browser type, operating system, login timestamps, pages visited, platform interactions and order history. Some of this data is collected automatically via cookies and similar technologies, described further in our Cookie Policy.
Communications data: records of emails, live chat transcripts, support tickets and, where permitted by applicable law and disclosed to you, recordings of telephone conversations retained for compliance and quality purposes.
3. Why we process your data
We process personal data to perform our contract with you: opening and administering your trading account, executing and settling orders, processing deposits and withdrawals, providing platform access and delivering client support.
We process data to meet legal and regulatory obligations, including identity verification, anti-money laundering screening, transaction monitoring, tax reporting and responding to lawful requests from courts, regulators and law enforcement under applicable regulations.
We also process data in pursuit of legitimate interests that are not overridden by your rights, such as securing our systems against fraud and abuse, improving platform performance, and — where you have not objected — sending you information about products and services similar to those you already use. You can opt out of marketing at any time using the unsubscribe link in any message or by contacting support@duafx.com.
5. International transfers
DuaFx operates globally and your data may be processed in jurisdictions other than your own, including the United Arab Emirates, where our headquarters are located. Whenever data crosses borders we apply appropriate safeguards such as contractual data protection clauses, vendor due diligence and, where relevant, adequacy assessments.
Regardless of where data is processed, it remains protected by the standards described in this policy and by the technical controls described in the Security section below.
6. Data retention
We retain client records for as long as your account is active and thereafter for the minimum period required by applicable anti-money laundering, tax and financial services regulations — typically between five and ten years after the relationship ends, depending on the record type.
Data that is no longer required is securely deleted or irreversibly anonymised. Anonymised, aggregated data that can no longer identify you may be retained for analytics and product improvement without time limit.
7. Your rights
Subject to applicable regulations, you have the right to access the personal data we hold about you, to have inaccurate data corrected, to request deletion of data we are not legally required to keep, to restrict or object to certain processing, and to receive a portable copy of data you provided to us in a structured, machine-readable format.
You may also withdraw any consent you have previously given, and you have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe your data has been mishandled.
To exercise any of these rights, contact our privacy team at support@duafx.com with the subject line “Data Subject Request”. We will verify your identity before acting on a request and will respond within the timeframe required by applicable regulations, typically thirty days.
8. Security
We protect personal data with layered technical and organisational measures: TLS encryption in transit, AES-256 encryption at rest, network segregation, role-based access controls, multi-factor authentication for staff systems, continuous logging and monitoring, and regular independent penetration testing.
Access to client data is restricted to employees who need it to perform their duties and who are bound by confidentiality obligations. Despite these measures no system is completely immune to risk; if a breach occurs that is likely to affect your rights, we will notify you and the relevant authorities without undue delay in accordance with applicable regulations.
9. Changes to this policy
We review this policy at least annually and update it when our practices, technologies or legal obligations change. Material changes will be announced by email or platform notification before they take effect.
The “last updated” date at the top of this page always reflects the current version. Continued use of our services after an update constitutes acceptance of the revised policy.
