GDPR Compliance
How Trade on tv protects the personal data of users in the European Union under the General Data Protection Regulation.
Section · 01
Introduction
All Software 24 L.L.C.-FZ, the operator of Trade on TV, is committed to protecting your personal data and complying with the European Union General Data Protection Regulation (Regulation 2016/679, "GDPR"). This page explains how we collect, process, and protect the personal data of users located in the European Economic Area (EEA), and how you can exercise your rights under the GDPR.
Although Trade on tv is established in the United Arab Emirates, we apply GDPR standards wherever we process personal data of individuals in the EEA, in line with Article 3 of the Regulation.
We take our data protection responsibilities seriously and have implemented technical, organizational, and contractual measures to ensure compliance.
Section · 02
Data Controller
For the purposes of the GDPR, the data controller responsible for your personal data is:
All Software 24 L.L.C.-FZ
KHALID SHABAN Office No. 305-427
Meydan Road, Nad Al Sheba
Dubai, United Arab Emirates
For any data protection question or request, you can contact us at privacy@tradeontv.com.
Section · 03
Your Rights Under the GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right of Access (Art. 15)
You can request a copy of the personal data we hold about you, along with information about how we process it.
Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete personal data.
Right to Erasure (Art. 17)
Also known as the "right to be forgotten." You can request deletion of your personal data where one of the conditions in Art. 17 applies.
Right to Restriction of Processing (Art. 18)
You can request that we limit how we process your data in defined circumstances.
Right to Data Portability (Art. 20)
You can receive your personal data in a structured, commonly used, machine readable format, or have it transmitted to another controller where technically feasible.
Right to Object (Art. 21)
You can object to processing based on legitimate interest, including profiling. You have an unconditional right to object to processing for direct marketing purposes.
Right Not to Be Subject to Automated Decision Making (Art. 22)
We do not make decisions about you that produce legal or similarly significant effects through purely automated means. Our AI assistant provides informational responses only and does not make decisions about you.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with your local supervisory authority in the EEA.
How to Exercise Your Rights
Send your request to privacy@tradeontv.com. We will respond within one month of receipt, in line with Art. 12(3) of the GDPR. For complex or numerous requests, this period may be extended by a further two months, and we will inform you accordingly.
To protect against unauthorized disclosure, we may need to verify your identity before processing your request.
Section · 04
Data We Collect
We collect and process the following categories of personal data:
Account Information
Name, email address, password, account preferences, and subscription details.
Usage Data
Information about how you interact with the Platform, including viewed market data, watchlist contents, charts opened, news read, AI prompts submitted, session duration, and feature preferences.
Technical Data
IP address, device type, operating system, application version, browser, time zone, language and region settings, and unique device identifiers.
Mobile Specific Data
Where you use our mobile application, we may also process push notification tokens, optional permission grants (notifications, location), crash and performance telemetry, and platform specific identifiers in line with Apple App Tracking Transparency and Google Play Data Safety guidelines.
Communication Data
Support queries, beta feedback, survey responses, and communication preferences.
How We Collect This Data
- Direct interactions. Information you provide when registering, using the Service, or contacting us.
- Automated collection. Information collected automatically through your use of the Platform, including cookies and similar technologies on our website.
- Third parties. Information received from service providers, payment processors, and partners.
Section · 05
Legal Basis for Processing
Under Art. 6 of the GDPR, we must have a valid legal basis for processing your personal data. Depending on the context, we rely on one or more of the following:
Contract (Art. 6(1)(b))
Processing necessary for the performance of a contract with you, such as providing the Service, managing your account, and processing payments.
Consent (Art. 6(1)(a))
Where we rely on consent, for example for marketing communications or non essential cookies. You can withdraw consent at any time.
Legal Obligation (Art. 6(1)(c))
Processing necessary to comply with legal obligations, such as tax record keeping or responding to regulatory requests.
Legitimate Interests (Art. 6(1)(f))
Processing necessary for our legitimate interests, including improving the Service, ensuring information security, preventing fraud, and aggregate analytics, balanced against your rights and freedoms.
Section · 06
Data Security
We have implemented appropriate technical and organizational measures (TOMs) in line with Art. 32 of the GDPR, proportionate to the risks presented by our processing activities.
Encryption
TLS 1.2 or higher for data in transit. Strong encryption algorithms for sensitive data at rest.
Access Controls
Strict role based access controls and authentication. Access rights are regularly reviewed and follow the principle of least privilege.
Security Assessments
Regular vulnerability monitoring and dependency scanning to identify and remediate weaknesses.
Data Backup
Regular backups to ensure availability and recoverability, with restore tests performed periodically.
Staff Training
Personnel receive training on data protection and security best practices. All staff and contractors are bound by confidentiality undertakings.
Incident Response
We maintain a documented incident response procedure. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of it, in line with Art. 33 of the GDPR. Where the breach is likely to result in a high risk, we will also inform affected individuals.
Section · 07
International Transfers
As a service operated from the United Arab Emirates, your personal data is transferred outside the EEA to be processed. We ensure appropriate safeguards are in place in line with Chapter V of the GDPR.
Standard Contractual Clauses
We rely on the European Commission's Standard Contractual Clauses (SCCs) for transfers to processors located in countries without an adequacy decision.
Adequacy Decisions
Where transfers are to countries recognized by the European Commission as providing an adequate level of protection.
Transfer Impact Assessments
We conduct Transfer Impact Assessments (TIAs) for significant transfers to jurisdictions without an adequacy decision, evaluating local law and supplementary measures.
Supplementary Measures
Where necessary, we implement supplementary measures such as encryption, pseudonymization, or contractual restrictions to ensure an essentially equivalent level of protection.
A copy of the SCCs or details of applicable safeguards can be requested at privacy@tradeontv.com.
Section · 08
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including meeting any legal, accounting, or reporting requirements.
Retention Principles
Account data
Retained while your account is active. Upon deletion, primary identifiers are removed, and aggregate analytics may be retained in anonymized form.
Communication data
Typically retained for up to 24 months after the last interaction.
Server logs
Typically retained for 30 to 90 days for operational and security purposes.
AI Assistant prompts
Retained for up to 30 days for service improvement, then deleted or anonymized.
Payment records
Retained as required by applicable tax and accounting regulations.
When no longer necessary, we securely delete or anonymize personal data so that it cannot be recovered or attributed to an individual.
Section · 09
Sub Processors
We engage trusted third party service providers to support the operation of the Platform. All sub processors are bound by Data Processing Agreements (DPAs) requiring appropriate technical and organizational measures in line with Art. 28 of the GDPR. Sub processors include providers of:
- Cloud hosting and infrastructure
- Email delivery
- Payment processing
- AI services for the assistant feature
- Analytics and crash reporting
A current list of sub processors is available on request at privacy@tradeontv.com.
Section · 11
Children's Data
Trade on tv is intended for users 18 years of age or older. We do not knowingly collect personal data from children. If we become aware that we have collected data of a child without parental consent, we will delete it promptly.
Section · 12
Changes to This Policy
We may update this GDPR Compliance page from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated by updating the "Last updated" date and, where appropriate, through additional notice such as an in app message or email.
Section · 13
Contact and Supervisory Authority
For any GDPR related question, request, or concern, please contact us:
Email (Privacy)
Email (General)
Postal address
All Software 24 L.L.C.-FZ, KHALID SHABAN Office No. 305-427, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates
Response Time
We respond to legitimate requests within one month. For complex requests, this period may be extended by a further two months, and we will keep you informed.
Supervisory Authorities
You also have the right to lodge a complaint with the supervisory authority for data protection in your country of residence within the EEA. A list of authorities is available at edpb.europa.eu.
Need help with your data privacy rights?
Our Data Protection team is here to assist with any GDPR-related inquiries or requests.