Important Information

This Privacy Policy relates to your use of our website(s), OnsaFx Trade: Online Trading, and application (the “app”), and to information collected by us in relation to your opening of an Account and the services provided by OnsaFx.

Let me know if you’d like to update or complete the “Account Value” definition or continue with more sections!

 

Who we are

OnsaFx (Pty) Ltd is a Financial Service Provider registered and headquartered in South Africa with registration number 2023/648987/07, and authorised by the Financial Sector Conduct Authority (FSCA) under licence number FCSA 53192. The registered office of OnsaFx (Pty) Ltd is at 26 Baker Street, Rosebank, Johannesburg, South Africa, 2196.

Your personal data will be controlled by OnsaFx (Pty) Ltd, the entity that provides services to or is in electronic communication with you. In some instances, your personal data may be exchanged between affiliated service providers working with OnsaFx, as applicable.

Any enquiries regarding the use of your personal data should be sent to support@onsafx.com.

What Personal Data Do We Collect and Process

We may collect, use, store, and share different kinds of your personal data, including but not limited to:

  • Identity Data: Your name, username or similar identifier, title, date and place of birth, gender, country of residence, and citizenship.

  • Contact Data: Your contact details including billing address, delivery address, email address, and telephone number(s).

  • Verification Documents: Information contained in various identity documents and copies, such as your passport, identity card, driver’s license, documents for proof of address (e.g., utility bill), proof of source of funds (e.g., payslips, tax returns), and results from credit checks.

  • Economic Profile: Information including your assets, income, financial status/source of wealth, employment status, profession and industry, bank account and bank statement, e-wallet and credit card details.

  • Professional Background: Your education, profession, job title, and nationality.

  • Contractual Data: Details about the services and/or products we offer to you.

  • Trading Information: The reason for opening an account, your trading experience, risk tolerance, and risk profile.

  • Transaction Data: Details about payments made to and from you, products and services purchased, deposit methods, and purpose of transactions.

  • National Identifier Data: Such as your tax identification number and country of tax residence.

  • Profile Data: Your username and password, historical trade data, preferences regarding products and services, and survey or feedback responses.

  • Public Data: Information available online or in public records or other open-access sources.

  • Consent Data: Any consents, permissions, or preferences provided to OnsaFx.

  • Marketing and Communication Data: Your communication preferences, email/chat records with us, and marketing preferences including those involving third-party communications.

  • Technical Data: IP address, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform, and other technologies used to access our site or app.

  • Usage Data: Information on how you use our website, app, products, and services.

We collect this information through:

  • Account application forms, demo sign-ups, and ongoing service communication;

  • Information from third parties, such as:

    • Public records

    • Social media platforms

    • Introducers, brokers, and affiliates

    • Banks and payment processors

    • Credit reference and fraud prevention agencies

    • Authentication service providers

    • Other financial institutions and service providers.

We also process personal data generated by us during our business relationship with you, such as trading and transaction records.

We may occasionally request additional data (e.g., via surveys, market research, or special offers). If you do not provide requested data, we may be unable to provide the relevant product or service.

How We Collect Your Personal Data and Purpose

By registering a Personal Area, you agree to have your personal data processed and specifically consent to the collection, systemization, aggregation, storage, revision (updating, changing), usage, anonymization, blocking, deletion, and distribution (transfer) of said personal data to third parties in accordance with the conditions set forth in this Privacy Policy.

We request the data necessary for registering a Personal Area, enabling access to our services, and for resolving any potential disputes between you and OnsaFx. Providing this data is essential for client identification and allows you to perform various operations within your Personal Area and trading accounts.

We may also collect additional data to better understand your needs and preferences through methods such as Live Chat, brief surveys within your Personal Area, and direct communication via phone. This data is provided voluntarily by you.

We use the data you directly provide when communicating with us to ensure the delivery of secure, high-quality services.

The personal data you provide helps us:

  • Verify your identity and contact information.

  • Register your Personal Area and trading accounts.

  • Configure services and provide activation credentials (e.g., codes and passwords).

  • Communicate important updates, new features, and promotions tailored to your preferences.

We may review, store, or delete your personal data—including physical records and correspondence—according to applicable legislation.

Who We Share Your Personal Data With and In What Circumstances

We may disclose your personal information to entities within the OnsaFx group of companies, as well as to service providers involved in delivering products or services to you—such as payment service providers, outsourced compliance services, website hosting providers, analytics providers, and our banking partners.

We and these third parties may also share your personal data with:

  • External auditors (ours and theirs), for audit purposes. These parties are bound by strict confidentiality obligations.

  • Professional advisors, such as lawyers, accountants, or consultants, who are also subject to confidentiality obligations.

We may also pass your personal data to third-party authentication service providers such as Sumsub when you perform identity checks or document verification using our system. This helps us comply with legal obligations related to anti-money laundering (AML) and customer due diligence (CDD). We take necessary precautions to maintain the confidentiality and security of your data during any such transfer.

We reserve the right to disclose your personal data:

  • When required by law;

  • In response to formal requests from law enforcement, regulatory bodies, or government agencies;

  • As specified in your agreement with us.

Additionally, we may provide your data to:

  • Tax authorities or any institution requiring it to ensure compliance with AML, anti-terrorism, or financial crime laws;

  • Protect our legal rights, operations, and property.

To ensure the highest standard of service, we may share your personal data with selected partners. Upon your request, we are happy to provide details regarding the services they perform on behalf of OnsaFx.

We also monitor how third-party agents and service providers use your data to ensure they fully comply with our confidentiality agreements and data protection policies. OnsaFx retains access to this data at all times to ensure no misuse occurs.

Security and Protection

OnsaFx complies with the Payment Card Industry Data Security Standard (PCI DSS) to ensure the highest levels of security and privacy for your data. We conduct regular vulnerability scans and penetration tests in line with PCI DSS requirements, appropriate for our business model.

We have implemented reasonable and robust security measures to protect your personal data from accidental loss, misuse, unauthorized access, disclosure, alteration, or destruction. Access to your personal data is strictly limited to individuals who have a legitimate business need. These individuals are bound by strict confidentiality obligations and are required to process your data only on our instructions.

We also maintain detailed procedures to address any suspected data breaches. If a breach occurs that may compromise your data, we will notify you and any applicable regulator as required by law.

 

Use of Cookies

We use cookies on our website to ensure it functions effectively, support your trading experience, prevent fraud, and maintain platform security. Cookies are small text files sent from our web server and stored on your computer or device.

We may also engage external service providers to assist in managing our website and analyzing usage statistics. These providers may set and manage their own cookies on our behalf to track site usage and improve performance.

 

How We Store Your Personal Data and For How Long

OnsaFx will process and retain your personal data for as long as we maintain a business relationship with you. Your data is stored securely in a combination of computer systems, paper-based files, and other secure record-keeping methods, and we take all reasonable measures to protect it from misuse, loss, unauthorized access, modification, or disclosure.

If you instruct us to stop processing your personal data, OnsaFx reserves the right to terminate any existing services provided to you, either within a reasonable period or immediately, depending on the nature of the services.

When we determine that personal data is no longer required for the purpose it was collected, we will either:

  • Securely destroy the data, or

  • Anonymize it so that it can no longer be linked back to you.

However, in accordance with Anti-Money Laundering (AML) laws and other compliance requirements, we may be required to retain your information for a defined period—even after you cease being our client. This includes identification documents, customer due diligence materials, and transaction records.

For personal data stored as emails, phone calls, digital messages, or in-person communications, retention will be in line with requirements imposed by our regulatory authority.

If you opt out of receiving marketing communications, your details will be placed on a suppression list to ensure you are not contacted in the future.

We may also retain data for longer than legally required if technical, regulatory, or legal reasons prevent immediate deletion.

Commencement. Changes to the Privacy Policy

By registering a Personal Area, you acknowledge and accept all provisions stated in this Privacy Policy. Communication between you and OnsaFx begins when we send you a confirmation email of your registration. We may also send you email updates about service changes or new features, and you may send us suggestions or queries. Such communications are not considered confidential.

By accepting this Privacy Policy, you consent to OnsaFx’s use of information shared via email (including ideas, methods, marketing input, and know-how), without any additional obligation to you.

We may review, store, and delete email or other communications as required under applicable law. These may also be analyzed to assess service quality.

This Privacy Policy may be updated periodically, and the revised version will be posted immediately to our website. We recommend reviewing the policy regularly to stay informed about how your personal data is handled.

 

Your Rights in Relation to Personal Data

Subject to certain conditions and in accordance with applicable data protection laws, you may have the right to:

  • Be informed about the collection and use of your personal data;

  • Request access to your personal data;

  • Request the correction or rectification of inaccurate or incomplete personal data;

  • Request restriction or limitation of the processing of your personal data;

  • Request the deletion (erasure) of your personal data;

  • Object to the processing of your personal data, including for direct marketing purposes;

  • Withdraw consent to processing, where processing is based on consent.

Personal data is collected primarily to comply with relevant legal and regulatory obligations. If you refuse to provide the required information, this may result in the rejection of your application or the closure of your account(s).

It is your responsibility to ensure that the personal data we hold about you is accurate and up to date. Please inform us promptly of any changes during your engagement with us.

If you have any questions regarding this Privacy Policy, wish to exercise your rights, request corrections, or lodge a complaint, you may contact us at:
📧 support@onsafx.com

 

South African Data Protection Notice

Your privacy is important to us. OnsaFx (Pty) Ltd is committed to respecting your privacy and maintaining the confidentiality of your information.

This Privacy Policy covers the website onsafx.com and all its related subdomains or applications operated by OnsaFx (Pty) Ltd, and explains how we collect, use, store, and protect your personal data in compliance with South African data protection laws.

By submitting your personal details and/or using our website, you acknowledge and agree to the terms of this Privacy Policy and how we process your personal information.

We may update this Privacy Policy from time to time. The latest version will always be available on our website. You can check the last updated date at the bottom of the policy.

 

Who Are We?

OnsaFx (Pty) Ltd is a Financial Service Provider registered in South Africa with:

  • Registration Number: 2023/648987/07

  • FSCA License Number: FCSA 53192

  • Registered Address: 26 Baker Street, Rosebank, Johannesburg, South Africa, 2196

As an authorised Over-the-Counter Derivatives Provider (ODP), OnsaFx is subject to and complies with the following South African legislation:

  • Financial Advisory and Intermediary Services Act, 2002 (FAIS)

  • Financial Intelligence Centre Act, 2001 (FICA)

  • Financial Markets Act, 2012

We process your personal data in a manner aligned with all applicable legislation. We are required to retain certain information for legal, regulatory, tax, and audit purposes. Depending on business and regulatory needs, we may retain your data for longer than legally prescribed periods—provided such retention is lawful and justifiable.

Personal Information We Collect and Process

We collect, use, store, and transfer various types of personal information about you throughout our relationship. These are grouped as follows:

  • Identity Data: Full name, country of residence.

  • Contact Data: Email address, telephone number(s).

  • Document Information: Information contained in documents such as your passport, ID, driver’s license, proof of address (e.g., utility bills), proof of funds (e.g., payslips, tax returns), and credit checks.

  • Economic Profile: Assets, income, financial position, source of wealth, employment status, profession, industry, bank account information, e-wallet, and credit card details.

  • Professional and Educational Information: Education, profession, employment details, and nationality.

  • Contractual Data: Details about the products and services offered to you.

  • Trading Information: Reason for account opening, trading experience, risk profile, and tolerance.

  • Payment and Transaction Data: Information on payments, transaction purpose, deposit methods, and products/services purchased.

  • National Identifier Data: Tax identification number and country of tax residence.

  • Profile Data: Preferences, interests, feedback, and survey responses.

  • Public Record & Open Source Data: Information available online or in public records.

  • Consent/Permissions: Any consent, permissions, or preferences given to OnsaFx.

  • Marketing and Communication Data: Communications via email, chat, and your preferences for marketing communications from us or third-party partners.

  • Technical Data: IP address, browser type and version, operating system, time zone, device identifiers, and other technology used to access our website/app.

  • Usage Data: Information on how you use our website, apps, products, and services.

Note: Failure to provide compulsory information may limit our ability to deliver regulated financial services as an authorised ODP (Over-the-Counter Derivatives Provider).

Source of Collection

We collect personal information about:

  • Website visitors, clients, and prospective clients,

  • Third-party service providers,

  • Other individuals we interact with during our business operations.

We typically collect personal data directly from you unless the law allows or requires us to collect it from other sources, such as:

  • Your interactions with our website/platforms,

  • Communications with us via email, phone, forms, or surveys,

  • Publicly available sources or third parties such as credit bureaus or partner financial institutions,

  • Referrals from another person (where applicable).

We’ll take reasonable steps to inform you when data is collected indirectly.

Cookies and Website Usage

We use cookies to:

  • Support website functionality,

  • Enhance user experience,

  • Prevent fraud and security risks,

  • Track analytics and usage patterns.

Some cookies are placed by third-party advertising or analytics services and may collect behavioral data across different websites. These cookies do not store personally identifiable information directly, but may uniquely identify your browser and device.

We may use external vendors to help manage our site and analyze user behavior. These third parties may set cookies on our behalf.

Communication Monitoring

We may record and monitor communications—whether by phone, email, chat, or in-person—for regulatory compliance, security, and service quality purposes. All such recordings are property of OnsaFx and may be used as legal evidence of communications. Records can be provided to you upon request in the language used during service delivery.

How We Use Your Personal Information

Your personal information may be used for the following purposes:

  • To provide intermediary services related to Over-the-Counter Derivative Instruments;

  • For onboarding, verification, and compliance procedures;

  • To send product/service updates, promotions, and regulatory notices;

  • To respond to queries or support requests;

  • For internal record-keeping and reporting obligations (e.g., FAIS, FICA, tax, and audit);

  • To prevent and detect fraud, money laundering, terrorist financing, and financial crimes;

  • To comply with any legal or regulatory requirement;

  • To resolve disputes or handle complaints;

  • For customer research, market analysis, or promotional activities;

  • To personalize your experience, including marketing communication;

  • To test, maintain, and develop new services/features;

  • To ensure platform and data security;

  • To work with third-party service providers supporting our infrastructure and services;

  • To monitor service usage and platform interaction (automated tools or human oversight).

If we need to use your personal information for any purpose not covered above but still aligned with legal use, we may do so without requiring additional consent, as permitted by law.

Legal Basis for Processing

We rely on one or more of the following legal bases when processing your data:

  • Performance of a contract: When processing is necessary to provide our services;

  • Legal obligation: To comply with laws and regulations;

  • Legitimate interest: When necessary for the smooth and secure operation of our business;

  • Vital interest: When processing protects your legitimate interests;

  • Consent: When required by law, and in such cases, you can withdraw consent at any time by contacting us.

Who May We Disclose Personal Information To?

We only share the minimum data necessary with third parties for the purposes described above. These include:

  • Other OnsaFx entities or service providers assisting in delivering our services;

  • Governmental and regulatory bodies (e.g., FSCA, SARS);

  • Compliance, fraud prevention, or AML/KYC partners;

  • Auditors, tax consultants, legal advisors;

  • Hosting, analytics, and IT service providers;

  • Marketing agencies or research firms;

  • Introducing brokers or affiliates (as authorised by you);

  • Prospective acquirers in case of a business transfer;

  • Law enforcement or judicial authorities when required by law;

  • Any party authorized by you.

All such third parties are contractually bound to maintain strict confidentiality and data security.

Please note: When these third parties operate independently as separate data controllers, their privacy policies will apply, and OnsaFx is not responsible for their practices.

Our platforms may contain links to external third-party websites or apps. These are not governed by this Privacy Policy, and we encourage you to review the privacy terms of each external service.

International Transfer of Personal Information

Your personal information may be stored or processed in countries where OnsaFx or its service providers operate. We ensure that any international transfer of personal data complies with South African data protection laws.

Whenever we transfer your personal data outside of South Africa, we will ensure a comparable level of protection is provided by applying one of the following safeguards:

  • Transfers will only be made to countries that offer adequate data protection laws or binding corporate rules aligned with the principles of South African privacy legislation.

  • Where no such protections exist, we will:

    • Implement data transfer agreements or appropriate safeguards with the recipient party, or

    • Obtain your explicit, informed consent before transferring your data.

If you instruct us to stop processing your data, we reserve the right to terminate our services to you, either within a reasonable time or immediately.

How We Store Personal Information and For How Long

We retain your personal data only as long as necessary for the purposes it was collected and in compliance with:

  • Legal and regulatory obligations,

  • Our business and operational needs.

Personal data is stored securely in digital systems and protected physical records.

We may retain your personal data for longer periods under the following conditions:

  • If required or authorized by law (e.g. FAIS, FICA),

  • For legitimate business or contractual purposes,

  • With your explicit consent,

  • For research, statistics, or historical record-keeping, provided it’s not used for any unrelated purposes.

When data is no longer legally or operationally required, it will be:

  • Permanently deleted, or

  • Anonymized, ensuring it can’t be linked back to you.

We use secure destruction methods to prevent any recovery of deleted information.

Your Rights in Connection to Your Personal Information

Under South African data protection laws, you have the following rights:

  • Right to be informed: You have the right to know when and why your personal information is being collected.

  • Access: You may request access to the records of personal data we hold about you.

  • Correction, deletion, or destruction: You may request that we update or erase your data where legally appropriate.

  • Object to processing: You may object to how we process your data, especially in cases of direct marketing.

  • Object to automated decision-making: You can object to profiling or decisions made solely through automated processing.

  • Submit complaints: You have the right to file a complaint with the Information Regulator of South Africa if you believe your data privacy rights have been violated.

How to Contact Us

To raise a query, update your information, or exercise your data rights under South African law, you may contact us at:

📧 support@onsafx.com
📍 Registered Address: 26 Baker Street, Rosebank, Johannesburg, South Africa, 2196

Please ensure that prescribed forms (linked above) are used for data requests.

We strongly encourage you to keep your personal data with us accurate and up to date to ensure efficient service delivery.