DRAFT — PENDING LEGAL REVIEW. This document has not yet been reviewed by counsel and is not legally binding. Final form will be issued before LD4 launch.
← All legal documents
LMEX MARKETS · LEGAL

Privacy Policy

[Effective at LD4 launch — date to be set]

Introduction

Welcome to the LMEX Markets Privacy Policy.

When we refer to "LMEX Markets", "we", "us" or "our" in this Privacy Policy, we are referring to [LMEX Markets Entity — counsel to confirm] and its affiliates that are responsible for processing your personal data.

We respect your privacy and are committed to protecting your personal data. This Privacy Policy will inform you about how we look after your personal data when you visit lmexmarkets.com (the "Interface") or use the services offered by the Interface (the "Services").

LMEX Markets is committed to complying with the laws relating to the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This Privacy Policy sets forth the basic principles by which LMEX Markets collects, retains, transfers, disposes and otherwise processes your personal data.

Terms used in this Privacy Policy have the meaning given in the GDPR.

Acceptance of Privacy Policy

By accessing and using the Services, you signify acceptance of the terms of this Privacy Policy. We reserve the right to revise this Privacy Policy at any time to reflect changes in law or our personal data practices. If changes are made, we will notify you by email or by posting on the Interface, and you will be required to accept any updated policy before continuing to use the Services.

If you do not agree with any aspect of this Privacy Policy, you should discontinue access to the Interface and Services.

If you have any questions about this Privacy Policy, please contact us via the Support Center.

Purpose

This Privacy Policy describes how we collect and process your personal data through your use of the Interface and Services. The Interface and Services are not intended for children and we do not knowingly collect data relating to children.

Your Duty to Inform Us of Changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-Party Links

The Interface and Services may include links to third-party websites and applications. We do not control these third-party services and are not responsible for their privacy statements.

The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified.

We collect, use, store and transfer the following kinds of personal data:

Identity Data includes first name, maiden name, last name, username, marital status, title, date of birth, age, nationality, photographs, gender, job title, tax ID number, passport number, driver's licence details, national identity card details, photograph identification, and visa information.

Contact Data includes residential address, email address and telephone numbers.

Financial Data includes wallet addresses, transaction history, trading data, deposit and withdrawal records, and tax identification.

Transaction Data includes details about deposits, withdrawals, orders, fills, funding payments, and other activity on your account.

Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types, operating system, device fingerprint, and other technology on the devices you use to access the Interface.

Profile Data includes your username and password, preferences, feedback and survey responses, and trading preferences.

Usage Data includes information provided to our support team, public social networking posts, authentication data, security questions, user ID, click-stream data and other data collected via cookies and similar technologies.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data is not considered personal data in law as it does not directly or indirectly reveal your identity.

We do not collect any Special Categories of Personal Data (race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health, genetic and biometric data).

If You Fail to Provide Personal Data

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract. In this case, we may have to cancel the Services we provide to you, with notice.

How Is Your Personal Data Collected?

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us, including when you:

apply for our Services;
create an account on the Interface;
subscribe to our publications or newsletters;
enter a competition, promotion or survey; or
give us feedback or contact us.

Automated technologies and third-party sources. We may automatically collect your Technical Data as you interact with the Interface (browsing actions, patterns, hardware model, device ID, operating system version, web browser software, IP address, MAC address, device identifier). We may also receive personal data from third parties (public databases, credit bureaus, identity verification partners, blockchain analytics providers, sanctions screening providers, joint marketing partners, and social media platforms).

Purposes for Which We Use Your Personal Data

We will only use your personal data within the limits allowed by law. Most commonly, we will rely on one or more of the following lawful bases:

performance of the contract we are about to enter into or have entered into with you;
our legitimate interests (or those of a third party), where your interests and fundamental rights do not override those interests; or
compliance with a legal obligation.

We use your personal data to:

register you as a new User;
deliver the Services, including managing transactions, payments, fees and charges;
collect and recover fees owed to us;
notify you about changes to our Terms or Privacy Policy;
enable you to participate in promotions or complete surveys;
administer and protect our business and the Interface (troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting);
deliver relevant Interface content and advertisements and measure the effectiveness of advertising;
use data analytics to improve the Interface and Services;
identify or verify you in order to comply with AML Laws, CTF Laws, Anti-Bribery Laws, Sanctions Laws, FATCA, CRS, and other Applicable Laws;
conduct market surveillance and detect prohibited trading activity; and
make suggestions and recommendations to you about Services that may be of interest.

Marketing

We may use your personal data to form a view on what may be of interest to you with respect to the Interface or Services. Based on your communication preferences, we may send you marketing communications.

Information Shared with Third Parties

We will only share your personal data with third parties who have a legitimate purpose for accessing it:

third-party identity verification, sanctions screening and blockchain analytics services in order to perform obligations under AML Laws, Anti-Bribery Laws, Sanctions Laws, CTF Laws, and other Applicable Laws;
service providers (consultancy, banking, legal, data analysis, marketing, insurance, accounting, IT) under contract;
financial institutions and stablecoin issuers with which we partner to process deposits and withdrawals;
companies or entities that we plan to merge with or be acquired by;
law enforcement, regulators, officials, or other third parties when compelled by subpoena, court order, or similar legal procedure, or when we believe in good faith that disclosure is necessary to prevent harm, report suspected illegal activity, or investigate violations of our Terms.

We require all third parties to respect the security of your personal data and to treat it in accordance with this Privacy Policy and Applicable Laws.

Opting Out

You may opt out of having your personal data shared with third parties for purposes incompatible with the purposes for which it was originally collected. If you do so, certain features of the Services may not be available to you.

Cookies

You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. If you disable cookies, some parts of the Interface may not function properly. For more information, please see our Cookie Policy.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another compatible reason. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis.

International Transfers

Your personal data may be transferred, stored, and processed in any country in which we operate.

For data subjects of the European Economic Area: where we transfer your personal data outside the EEA, this is done either on the basis that it is necessary for performance of the contract, or that the transfer is subject to the European Commission's standard contractual clauses, or that the recipient operates under an adequacy decision.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to employees, agents, contractors and third parties who have a business need to know. They process your personal data on our instructions and are subject to a duty of confidentiality.

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where legally required.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

Specific retention periods for LMEX Markets:

KYC documentation (passport scans, identity card images, proof-of-address documents, selfies) is retained for five years after account closure to comply with anti-money-laundering record-keeping obligations.
Trading activity records (orders, fills, funding payments, IP and device data associated with each trade) are retained for seven years for the purposes of market surveillance and regulatory inspection.
Transaction records (deposits, withdrawals, internal transfers) are retained for seven years for tax and audit purposes.
Marketing data (name, email, communication preferences) is retained on an ongoing basis until you unsubscribe.
Support correspondence is retained for two years after the matter is closed.
Email-verification tokens are short-lived one-time secrets; consumed tokens are cleared from your record immediately. Unconsumed tokens are overwritten on each resend.
Two-factor authentication secrets (TOTP shared secret) are stored encrypted at rest using AES-256-GCM under a per-deployment encryption key. The encryption key is never co-located with the database. Plaintext secrets never persist to disk.
Backup codes for 2FA recovery are stored as bcrypt hashes; plaintext codes are not recoverable by LMEX Markets and consumed codes are removed from your record on first use.

Blockchain transactions — important disclosure. When you withdraw USDT from your LMEX Markets account, the withdrawal address you provide and the transaction details are committed to the public blockchain on which the withdrawal is executed (TRC20, ERC20, Arbitrum, Solana). Once broadcast, this information is permanently recorded on the public blockchain and cannot be deleted, redacted or rectified by LMEX Markets. The GDPR right of erasure is therefore practically limited in respect of on-chain transaction data.

Your Legal Rights

Under data protection laws, you have rights in relation to your personal data, including the right to:

request access to your personal data;
request correction of your personal data;
request erasure of your personal data, subject to legal retention requirements and the blockchain-disclosure limitation above;
object to processing where we are relying on legitimate interests;
request restriction of processing;
request the transfer of your personal data;
withdraw consent where we are relying on consent.

Contact

If you have any questions about this Privacy Policy or our privacy practices, please contact us via the Support Center on lmexmarkets.com.

You have the right to make a complaint to the relevant data protection supervisory authority. We would appreciate the chance to deal with your matter internally before you approach the regulator.

RELATED LEGAL DOCUMENTS
TermsCookiesRisk WarningDisclaimersReferral