TriAlgo
Back to home

Personal and business data processing policy (GDPR)

Information on how TriAlgo processes personal and business data in connection with facilitating the copy-trading service.

5.1. Data controller

The Provider (TriAlgo) is the controller of personal data obtained in connection with facilitating the copy-trading service.

5.2. Scope of processed data

  • Client identification data (first name, surname) – if provided during communication.
  • Contact details (e-mail, phone) – for technical support and communication purposes.
  • Accounting and contractual data (broker account number, trading link) – for the technical operation of copy-trading.
  • Technical data (API call logs, IP address) – for monitoring operations and securing the service.

5.3. Purpose and legal basis of processing

  • Providing and ensuring the technical operation of the copy-trading service (Art. 6(1)(b) GDPR – performance of a contract / technical processing).
  • Communication with the Client (Art. 6(1)(f) GDPR – legitimate interest: maintaining service quality and handling enquiries).
  • Compliance with legal obligations (Art. 6(1)(c) GDPR – archiving of accounting documents, protection against misuse).

5.4. Retention period

  • Personal and contact data: for the duration of the relationship between the Client and the Provider and subsequently for the period stipulated by applicable law (min. 3 years from the end of facilitation).
  • Technical logs: for the period necessary for analysis and securing the service (max. 1 year), then anonymisation or deletion.

5.5. Data recipients

  • Processors: hosting providers, database administrators, e-mail service providers.
  • Law enforcement and supervisory authorities (where required by law).

5.6. Transfer of personal data

Data is not transferred to third countries outside the EU/EEA.

5.7. Rights of the data subject

The data subject has the right:

  • To access personal data (Art. 15 GDPR).
  • To rectify inaccurate data (Art. 16 GDPR).
  • To erasure (the “right to be forgotten”) under Art. 17 GDPR, if there are no grounds for further processing.
  • To restriction of processing (Art. 18 GDPR).
  • To data portability (Art. 20 GDPR).
  • To object to processing (Art. 21 GDPR).
  • To lodge a complaint with the supervisory authority (the Office for Personal Data Protection).

5.8. Security of processing

The Provider ensures appropriate technical and organisational measures to protect personal data against unauthorised access, loss or leakage.