Privacy Policy

iFOREX UK is a trading name of VIBHS Financial Limited, authorised and regulated in the UK by the Financial Conduct Authority under Firm Reference Number 613381. Incorporated as a Limited Company in England and Wales under Companies House number 08279988.

VIBHS Financial Ltd ("the Company", "the Firm", "we", "us" or "our") is a company registered in England and Wales under registration number 08279988, and the address of our registered office is at 34 Westway, Caterham On The Hill, Surrey, England, CR3 5TP. We are authorised and regulated by the Financial Conduct Authority ("FCA") under the Financial Services and Markets Act 2000 (the "Act") with FCA Firm Reference Number ("FRN") 613381.

We provide our customers with foreign exchange contracts ("Forex") and Contracts for Difference ("CFDs") trading.

We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using our website, you agree to be bound by this privacy policy however, you are free to withdraw your consent anytime by notifying us.


We know that you are concerned with how we deal with your personal information. This privacy statement sets out our current policies and demonstrates our commitment to your privacy. Our privacy policy may change at any time in the future for compliance purposes. You agree to revisit this page regularly and your continued access to or use of the Website will mean your consent to the changes.

Purpose of the Data processing

We are required to maintain certain personal data about individuals for the purposes of satisfying our operational and legal obligations (to open an account, client due diligence, money laundering prevention, transact business effectively and to safeguard your assets and your privacy). We recognise the importance of correct and lawful treatment of personal data as it helps to maintain confidence in our organisation and to ensure efficient and successful outcomes when using this data.

We collect your personal data to provide you with our services as specified in our Customer Terms and Conditions and other documents regulating our business relationship with you and published at

We only use personal information as appropriate to provide you with a high quality of service and security. We may use the personal data collected from you to verify your identity and contact information and to establish the business relationship with you. We may also use this information to establish and set up your trading account, issue an account number and a secure password, maintain your account activity, and contact you with account information.

We also use your personal data to process and execute your trading orders. We also may use your personal data to receive or send payments to you / from you. In this case, we may share your personal data with external payment provider, which you use to process the payment to us / from us, for example: your bank, corresponding banking institution, payment services provider. This information helps us improve our services, satisfy financial regulation and inform you about new products, services or promotions that may be of interest to you.

Principles of the Data processing

All data is:

  • Fairly and lawfully processed;
  • Processed with specified legal basis;
  • Adequate, relevant and not excessive;
  • Not kept for longer than necessary;
  • Processed in accordance with the individual's (data subject's) rights;
  • Secure; and
  • Not transferred to other countries without adequate protection.

Personal Data We Collect

We may collect and process the following data about you:

  • Information that you provide by filling in forms on our website, in emails, by calls, in our live chat, support centre;
  • Up-to-date data about yourself and your identity, if you register your personal details to use our service;
  • Data you provide to us in the applications we ask you to fill in;
  • Details of your visits to our website, details of your emails, calls and requests sent through the live chat, support centre from, including, but not limited to: traffic data, location data, weblogs and other communication data, the resources that you access, devices and services you use to contact us.

The personal data that we collect from our customers, process and control to provide our services, include:

  • Name, date of birth, address, identity document (ID card, passport, driver license et cetera);
  • Contact details such as email address, phone number, postal address, messengers and / or social networks ID;
  • Financial data such as source of funds you deposit or intend to deposit to us, source of wealth, bank statement or your balances with us;
  • Occupation and name of employer;
  • Payment data such as deposits and withdrawals amount, date of payment, banks and other payment institutions involved in the payment process;
  • Trading data such as orders and their execution results; and
  • Technical data such as your IP addresses used to access our Website and services, your activity logs in our systems.

Considering our obligations under respective AML / CFT regulations we also collect, process and control the documents, which the customer provides to us to verify the information provided to us and specified above. This includes: passport, driving license and other ID copies, utility bills or other documents confirming the address of the customer, bank or other financial institutions statements, documents confirming source of funds and/or source of wealth etc.

We also collect the personal data about current, past and prospective clients and customers, website visitors, etc. with whom we have dealings. This information may include information required to communicate with you, including your name, mailing address, telephone number, email address and your location information.

We may also ask you for information when you report a problem with the Site. If you contact us, we may keep a record of that correspondence. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

You have choices about the data we collect. When you are asked to provide personal data, you may decline. Subject to the provisions of this policy specified below, you are also entitled to have the Firm erase your personal data, cease further dissemination of the data and potentially have third parties halt processing of the data.

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal however, if you choose not to provide data that is necessary to provide a service or feature or to withdraw the data that is still relevant to original purposes of processing, you may not be able to use that service or feature.

The data we collect depends on the context of your interactions with the Company, the choices you make, including your privacy settings, and the service and features you use. We shall comply with the regulations applicable to the financial services providers, including AML / CFT regulations. As a result, we need to collect, process and keep your personal data to meet the applicable legislation.

Your refusal to provide us with the personal data in some cases may lead to freezing of your accounts with us and the funds held on such accounts. Under certain circumstances we shall also report your activity and respective personal data to authorities.

Personal data may consist of data kept on paper, computer or other electronic media all of which is protected under the GDPR.

Your rights

As a data subject which provides its personal data to us you are entitled to:

  • Obtain from us an information whether your personal data is being processed by us. You may also access your personal data and request us to provide you with a copy of your personal data;
  • Obtain from us without undue delay the rectification of inaccurate personal data. You also have the right to have incomplete personal data completed;
  • Subject to the data protection regulations applicable to you, you may request from the Firm the erasure of your personal data without undue delay. The request shall be made on the legal grounds provided in the data protection regulations applicable to you, which include among other:
    • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • You withdraw your consent on which the processing is based according to the provisions of the applicable data protection regulations and where there is no other legal ground for the processing;
    • You object to the processing pursuant to the applicable data protection regulations and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing;
    • The personal data have been unlawfully processed; and
    • The personal data must be erased for compliance with a legal obligation in European Union or the United Kingdom law to which the Firm is subject.
    • You should also pay an attention that being a financial services provider we shall keep a part of your personal data to comply with FATF recommendations, Money Laundering Regulations 2017 and other applicable legislation. Your request to erase your personal data would not affect such part of the personal data.
  • Subject to the data protection regulations applicable to you, you may request from the Company to restrict processing of your personal data in the following cases:
    • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of your personal data;
    • The processing of your personal data is unlawful, and you oppose the erasure of your personal data and request the restriction of their use instead;
    • The Firm no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
    • You object to processing pursuant to the applicable data protection regulations pending the verification whether the legitimate grounds of us override yours.
  • You shall be notified by us once any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed takes place;
  • Receive your personal data, provided to the Firm, in a structured, commonly used and machine-readable format and you have the right to transmit those data to any third party. You may also ask us to transmit your personal data directly from the Company to other person in case such other person support the data formats and secure connections used by us to transmit such data;
  • Object, on grounds relating to your situation, at any time processing of your personal data. If you do so, the Firm would not process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Such grounds include among other the responsibilities of the Firm arising out of AML / CFT regulations; and
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you however, we could do so if this is necessary for entering into, or performance of, a contract between us. We use an automated information system, which collects and process your personal data and decide in respect to the entering into agreement with you or requests an additional information from you to execute our obligations under the agreement with you.

Reasons we share your personal data

We share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorised (debiting and crediting your accounts, executing your trading orders, providing support to you etc.).

To provide you with our services we share your personal data with our partners, vendors and service providers, including IT and software providers and vendors. We may also share your personal data with third parties and authorities if required by law, in respond to legal process, to protect our clients, to maintain the security of our services and to protect the rights or property of the Firm.

We do not sell, license, lease or otherwise disclose your personal data to any third party for any reason, except as described below.

We reserve the right to disclose your personal data to third parties when required to do so by law to regulatory, law enforcement or other government authorities. We may also disclose your information as necessary to credit reporting or collection agencies. We may also disclose your information to non-affiliated third parties if it is necessary to protect our rights or property.

We share your personal data with the banks and payment institutions, which process your payments to / from us. Commonly, we share your name, address, contact details (email) and the amount of payment to / from you. Such disclosure is made solely to provide you with an ability to deposit withdraw funds to / from us.

We may share your personal data with third parties acting as our liquidity providers. Once we hedge your positions with external liquidity providers they may access the information regarding your trading orders, including types of derivatives traded, their amount.

Your personal data may be shared with our software vendors and IT services providers including trading platform providers (hereinafter - "IT vendors"). While providing the Company with software, modifications, implementation and support IT vendors may have access to our information systems from their systems and locations.

As a result, some of your personal data depending on the system where they are kept may be disclosed to our IT vendors. We limit an access of such IT vendors to our information systems to the best of our abilities however, the situation may arise that in the process of software maintenance (modification of software functionality, migrating data to the new software versions, fixing bugs etc.) the vendor and/or IT provider get an access to the databases where your personal data is stored.

Some of IT vendors act as our technology providers based on the software-as-a-service (SAAS) business model. In this case, we use their information systems installed on their hardware environment. Respectively, our databases may be kept on the servers of such vendors. In this case, we limit an access of the IT vendors by the mean of integrated management rules, which prevent a vendor from accessing the data kept by its clients.

To help us improve our services to you, we may engage another business to help us to carry out certain internal functions such as account processing, client service and support, client satisfaction surveys or other data collection activities relevant to our business. We may also provide a party with customer information from our database to help us to analyse and identify customer's needs and notify customers of product and service offerings. Use of the shared information is strictly limited to the performance of the task we request and for no other purpose.

According to the applicable legislation and regulation we are required to upload your trading data (trading orders and / or positions) along with some of your personal data (name and / or UID) to the trading data depositories. We enter into agreements with the well-known international depositories, which could provide a highest level of data security.

We may share information with affiliates, subsidiaries and partners, if the information is required to provide the product or service you have requested, or to provide you with the opportunity to participate in the products or services our affiliates, subsidiaries and partners offer.

We may also forge partnerships and alliances, which may include joint marketing agreements, with other companies who offer high-quality products and services that might be of value to our customers. To ensure that these products and services meet your needs and are delivered in a manner that is useful and relevant, we may share some information with partners, affiliates and alliances. This allows them to better understand the offers that are most relevant and useful to yourself. The use of your personal data is limited to the purposes identified in our relationship with the partner or affiliate.

All third parties with which we share your personal data are required to protect your personal data in a manner similar to the Company's. We use a variety of legal mechanisms, including contracts, to help insure your rights and protections.

Restriction of responsibility

If at any time you choose to purchase a product or service offered by another company, any personal data you share with that company will no longer be controlled under our Privacy Policy. We are not responsible for the privacy policies or the content of sites we link to and have no control of the use or protection of information provided by you or collected by those sites. Whenever you elect to link to a co-branded Web site or to a linked Web site, you may be asked to provide registration or other information. Please note that the information you are providing is going to a third party, and you should familiarise yourself with the privacy policy provided by that third party.

  • Access to Personal Data;
  • All individuals who are the subject of personal data held by us are entitled to;
  • Ask what information we hold about them and why;
  • Ask how to gain access to it;
  • Be informed how to keep it up to date;
  • Have inaccurate personal data corrected or removed;
  • To receive the personal data concerning them, which they have previously provided;
  • Prevent us from processing information or request that it is stopped if the processing of such data is likely to cause substantial, unwarranted damage or distress to the individual or anyone else, etc.;
  • Require us to ensure that no decision which significantly affects an individual is solely based on an automated process for the purposes of evaluating matters relating to them, such as conduct or performance; and
  • Be informed what we are doing to comply with our obligations under the personal data protection laws.

If you cannot access certain information and personal data collected by the Firm, you may contact the Firm using the contact details as specified in this Privacy Policy. We will respond to requests to access or delete your personal data within thirty [30] days.

Should you consider that your rights under this Privacy policy and / or applicable legislation are infringed by us and the Firm did not take all necessary actions to remedy such violation or rejected your claim, you have the right to lodge a complaint with a supervisory authority and before the competent court.

Security of Personal Data

We maintain strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including our staff.

We use leading encryption technologies to secure your data on a hardware and software levels. The hardware protection includes Cisco security products. The software protection tools include strict control mechanisms as follows: SSL 3, TLS 1.2 with keys larger than 2048-bit.

The Firm's staff and third parties, when contracted to provide support services, are required to observe our privacy standards and to allow us to audit them for compliance.

Breach of Personal Data

In the case of a personal data breach, the Company shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority- Information Commissioner's Office, UK (ICO)unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to ICO is not made within 72 hours, it shall be accompanied by reasons for the delay according to the Article 33 of GDPR.

Where Personal Data is stores and processed

Personal data collected by the Company may be stored and processed in your region or in any other country where the Company or its affiliates, subsidiaries or service providers maintain facilities. Typically, the primary storage location is in the European Union and United Kingdom, with a backup to the datacentres in another region. The storage location(s) are chosen to operate efficiently, to improve performance, and to create redundancies to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.

We transfer personal data from the European Economic Area and United Kingdom to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data.

Where Personal Data is stores and processed

The Company retains your personal data for the whole period of the business relationship with you and five [5] years from the moment termination of such relationship however, the period of your personal data retention can vary for different data types in the context of various products, actual retention periods can vary significantly. The criteria used to determine the retention periods include, for example:

  • The period of data processing needed to provide the services. This includes such things as maintaining and improving the performance of those services, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods.
  • The data subject's consent for a longer retention period. If so, we will retain data in accordance with the consent.
  • The Firm is subject to a legal, contractual, or similar obligation to retain the data. Mandatory data retention laws including AML / CFT regulations can be applied in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.

Use of Cookies

Cookies are small text files sent from the Web server to your computer. We use cookies to assist us in securing your trading activities and to enhance the performance of our Website. Cookies used by us do not contain any personal information, nor do they contain account or password information. They merely allow the site to recognise that a page request comes from someone who has already logged on.

We may share Website usage information about visitors to the Website with reputable advertising companies for targeting our Internet banner advertisements on this site and other sites. For this purpose, pixel tags (also called clear GIFs or web beacons) may be used to note the pages you have visited. The information collected by the advertising company using these pixel tags is not personally identifiable.

To administer and improve our Website, we may use a third party to track and analyse usage and statistical volume information including page requests, form requests, and click paths. The third party may use cookies to track behavior and may set cookies on behalf of us. These cookies do not contain any personally identifiable information.

Changes to this Privacy Policy

From time to time, we may update this Privacy Policy. In the event we materially change this Privacy Policy, the revised Privacy Policy will promptly be disclosed to the websites and we will post a notice on our websites informing you of such changes.

You agree to accept posting of a revised Privacy Policy electronically on the website as actual notice to you and therefore confirm the consent. Any dispute over our Privacy Policy is subject to this notice and our agreement with you. We encourage you to periodically check and review this policy so that you will always know what information we collect, how we use it, and to whom we disclose it. If you have any questions that this statement does not address, please contact us.


If you have a privacy concern, complaint or a question for the Data Protection Officer, please contact us via We will respond to questions or concerns within 30 days.

Unless otherwise stated, the Firm is a data controller for personal data we collect through the services subject to this statement. The Company is a private limited company under Companies House number 08279988. The registered address is 34 Westway, Caterham On the Hill, Surrey, England, CR3 5TP. The Firm's Compliance Officer is also the person responsible for data protection as the Data Protection Officer. The address for correspondence is 11-12 Token House Yard, London, EC2R 7AS. Telephone: 02077093041.

By browsing this page or by closing the message you are agreeing to our use of cookies. Read our cookie policy