Privacy at FxPro for forex clients in Kenya

For Kenyan forex clients, FxPro processes personal data primarily to open and run trading accounts, meet anti-money laundering and know-your-customer obligations, and comply with other legal requirements. Information such as identity documents, proof of address, contact details, financial data, and records of trading activity is collected only where it is needed for these purposes. Data is stored on secure servers with access limited to personnel or service providers that require it to perform clearly defined tasks. Personal data is kept while the account is active and then retained only as long as required by applicable laws, after which it is removed or anonymised. Clients are entitled to request access to their data, ask for corrections, and, in specific situations, request deletion, restriction of use, or transfer to another provider. Personal data is not sold to third parties for marketing, and any direct marketing can be declined at any time. Information may be shared with third-party service providers and authorities where necessary to provide the service or when required by law. FxPro aligns its practices with Kenyan data protection rules and provides channels for clients to raise questions or complaints about privacy handling.

Client data is collected to identify the client, assess suitability for trading, and operate the forex account in line with regulatory standards.

Main categories of data include:

• Identification data: name and official identification documents
• Contact data: email, phone number, and address
• Verification data: proof of address and supporting documents
• Financial data: information used to process deposits and withdrawals
• Trading data: orders, positions, and transaction history
• Technical data: IP address, device type, browser details, and usage patterns

Personal information comes directly from the client through online forms, document uploads, and communications with support. Additional data can be drawn from automatic logs generated during platform use and, where needed, from third-party sources such as credit reference agencies or public databases for identity checks.

By industry convention, each category of information is linked to a specific purpose, such as KYC verification, account operation, risk management, fraud prevention, or service improvement. Clients are generally informed at the point of collection about what is being requested and how it will be used, and may ask clarifying questions before providing data.

Typical data purposes and handling

Personal data is stored on secure servers, which may be located in different jurisdictions depending on the infrastructure and service partners involved. Access to these systems is restricted to authorised staff or contracted providers whose role requires interaction with that data.

Per standard market practice, a mix of technical and organisational controls is applied to reduce the risk of unauthorised access, loss, or misuse. These measures may include encryption, firewalls, strict access controls, and internal procedures for handling client information.

Retention periods are tied to legal, regulatory, and operational needs:

• Account-related data is retained while the trading account remains active.
• Financial transaction data is typically stored for six years from the transaction date to meet accounting and dispute-resolution obligations.
• Other data categories may be held for shorter or longer periods, depending on applicable law and the underlying purpose.

Once a retention period ends and there is no ongoing legal or regulatory reason to keep the information, data is either securely deleted or anonymised so that it can no longer be linked to an identifiable person.

Clients based in Kenya have a set of privacy rights in relation to their personal data held by FxPro. These rights generally follow data protection norms and the local Kenyan framework.

Key rights include:

• Right of access: to request confirmation that data is being processed and to obtain a copy in a commonly used format.
• Right to rectification: to have inaccurate or incomplete personal information corrected.
• Right to erasure: in certain circumstances, to request deletion of personal data where there is no longer a lawful basis for its use.
• Right to restriction: to limit the processing of data in specific situations, for example while accuracy is being checked.
• Right to data portability: to ask for personal data to be transferred to another service provider where technically possible.
• Right to object to certain processing, including some forms of direct marketing.

To exercise these rights, clients can contact the data protection or compliance contact points indicated in the account area or on the official website. Requests may require verification of identity, and responses are provided within timelines set by applicable data protection laws. Some requests can be declined or limited where ongoing legal or regulatory duties require data to be retained or processed.

Clients also have the ability to opt out of direct marketing communications by adjusting account communication preferences or by reaching out through available support channels.

In line with common practice in the forex industry, FxPro shares client data with carefully selected third parties where this is necessary to deliver services or to comply with legal duties.

Typical recipients include:

• Payment service providers that process deposits and withdrawals
• Identity verification and KYC service providers
• Technology vendors that maintain trading and operational infrastructure
• Professional and administrative service providers where required

These parties are expected to handle personal data securely and to process it only for the specific purposes defined in their agreement with FxPro.

Data can also be disclosed to regulatory bodies, law enforcement agencies, and other authorities when required by law or to protect legal rights. In situations such as mergers, acquisitions, or similar corporate changes, client data may be transferred to a new entity, with affected clients being informed if such a transfer occurs.

When a Kenyan client visits the FxPro website or uses the trading platform, cookies and related tracking technologies are used to support functionality and improve the user experience.

Per standard market practice, cookies are typically grouped into:

• Essential cookies that are required for the website and platform to operate correctly
• Functional and performance cookies that help remember preferences and measure usage patterns
• Cookies used for analytics or to tailor content to user interests

Clients can manage cookie settings via their browser. Restricting or disabling certain cookies may reduce the functionality or responsiveness of the website or platform. More detailed information on cookie types and purposes is usually available in a separate cookie policy, accessible from the website footer.

Kenya maintains its own data protection framework, and FxPro indicates that it adapts its internal practices to align with these local requirements when serving Kenyan clients. This involves transparency about what data is collected, the legal basis for processing, applicable retention periods, and the rights available to data subjects.

If a Kenyan client believes that personal data has been handled in a way that conflicts with privacy standards, the client can:

• Raise the issue directly through the contact options in the account area or website, giving FxPro an opportunity to respond and, where appropriate, correct the situation.
• Escalate the matter to the relevant data protection authority in Kenya if the response is not satisfactory or if the client prefers to address the concern directly with the regulator.

Privacy practices may change over time as services evolve or new legal requirements take effect. When significant modifications to the privacy policy are made, FxPro may notify clients through the registered email address or by placing a notice on the trading platform.

Continued use of the services after such updates generally indicates acceptance of the revised terms. Clients who do not agree with material changes can consider closing their accounts in line with the applicable terms and conditions.

For any privacy-related questions, rights requests, or concerns, Kenyan clients can contact support or the designated data protection contact using the communication channels made available in the client area. The stated approach is to respond in a timely and transparent manner to all privacy inquiries.