Who is responsible for your personal data?
Marex acts as the Controller as defined in the GDPR and is therefore responsible for your personal data. The Website and our Services are made available by various companies in the Marex Group. Where this Policy refers to “Marex”, “we”, “us” or “our”, this means one or more of the Group Companies that provide the Website or Services to you. The Marex Group of companies includes Marex Financial (including the Marex Solutions division), Marex Spectron International Limited, CSC Commodities UK Limited, Marex Spectron Europe Limited, Marex North America LLC (including the Rosenthal Collins Group division), Marex Hong Kong Limited, Marex Spectron Asia Pte Ltd and Spectron Energy (Asia) Pte Ltd (individually and collectively “Marex”).For more information about our Group Companies, including their location, please see our Website
What is personal data?
As used in this Policy, “personal data” has the meaning given to it in the GDPR, and includes any information which, either alone or in combination with other information we hold, can identify an individual.
We may collect and process the following categories of personal data depending on the relationship between you and Marex.
- Identity data, such as: Your first and last name;
- Contact data, such as: Your billing address; email address; and telephone number;
- Registration data, such as: Your first name; last name; date of birth; gender; country; nationality; username; any KYC information that we may collect; any other personal data that you may provide when you register an account with us;
- Financial data, such as: Your bank account details; partial payment card details;
- Transaction data, such as: Details about payments made between you and us; details of Services purchased from us;
- Profile data, such as: Your account username; password; contact preferences; feedback and survey responses; the content of any messaging you send using any Enquiry Form on the Website;
- Technical data, such as: Your Internet protocol (IP) address used to connect your computer to the Internet; your login information; browser type and version; time zone setting; your ISP and/or mobile carrier; browser plug-in types and versions; and
- Marketing data, such as: Your marketing preferences; service communication preferences.
How does Marex collect your personal data?
We may collect and process personal data about you or relating to you in the following ways:
- if you register to become a client of our Services;
- if you send us a message through our Services or correspond with us by telephone, in writing or otherwise;
- administering and operating your account;
- from third parties, such as analytics providers, data brokers, third party directories and third parties that provide technical services to us so that we can provide our Website our Services;
- through cookies and other technologies, as you visit web pages on our Website;
- from any of your activities in connection with your use of our Services; and
- from time to time, from publicly available sources (such as media reports) or that you or a third party may otherwise make publicly available (for example through speeches at events, publishing articles, other news stories, or posts on social media platforms).
We will at all times minimise the collection and use of personal data to what is necessary to administer our business and deliver our Services to you in line with this Notice and the purposes of use. To serve you better, we may combine information you give us through various channels.
Who we collect personal data from?
We collect and process personal data from the following people:
- Site visitors: If you browse our Website or register an account on our Website, we will collect and process your personal data in connection with your interaction with us and our Website.
- Clients: If you buy our Services, we collect and process your personal data in connection with the supply of services to you.
- People who contact us with enquiries: If you contact us with an enquiry through our Website, submit a complaint through our Website or provide any feedback to us in our surveys and feedback forms, we will collect and process your personal data in connection with your interaction with us and our Website.
- People who work for our clients and suppliers: If you work for one of our clients or suppliers and have responsibility for placing orders with us, administering your organisation’s account with us or handling our Services or our account with your organisation, we will process your personal data in connection with your organisation’s relationship with us.
- Visitors to our physical offices: If you attend one of our physical offices, we may process personal data that you volunteer in connection with your visit and any enquiries you make. For example, you may volunteer personal data when signing in as a guest. CCTV footage may also be collected for security purposes.
- Event attendees: If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other document relating to the event.
Our legal grounds for processing the personal data
|Term||Ground for processing||Explanation|
|Contract||Processing is necessary for performance of a contract with you or to take steps at your request to enter a contract.||This covers preparation of a contract, carrying out our contractual duties and exercising our contractual rights and obligations.|
|Legal Obligation||Processing is necessary to comply with our legal obligations.||Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination.|
|Legitimate Interests||Processing is justified for our or a third party’s legitimate interests.||We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your personal data.
Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.
|Consent||You have given specific consent to processing your data.||In general processing of your data in connection with employment is not conditional on your consent. However, there may be occasions where we do specific things such as request a reference and rely on your consent to our doing so.|
|Vital Interest||The processing is necessary in order to protect your or another person’s vital interests.||This refers to emergency situations, where we cannot acquire consent or use another legal basis and are required to use your data. It is extremely rare for this basis to be used.|
|Public Interest||The processing is necessary for reasons of substantial public interest (article 9 (2) condition).||This legal ground refers to any situation affecting the rights, health, or finances of the public at large.|
Further information on the data we process and our purposes
The data, purposes and grounds on which we process the same are detailed in the table below.
The examples in the table are not exhaustive but encompass the core activities we perform.
|Purpose||Categories of personal data that may be processed||Grounds for processing|
|Provision of our services to you or to your organization including onboarding you as a client||Identity data, Contract data, Registration data, Financial data, Transaction data, Profile data, Behavioural data, Technical data, Marketing data and any KYC or background screening related category of data as defined by the applicable laws, such as data on regulatory offences.
|Contract: we have the responsibility to provide our services to you as they were stated in the contract we formed with you.
Legal obligation: to comply with the applicable laws, including onboarding you as a client.
Legitimate interest: to ensure that we provide our services in an effective, safe and efficient way.
|Security of our premises, IT, online platforms, websites, communication and other systems
Detection of security threats and of other malicious activities
|Identity data, Registration data, Financial data, Transaction data, Profile data, Behavioural data, Technical data.||Legal obligation: to ensure your safety and the security of the systems we obtain and operate.
Legitimate interest: to process your personal data so that we can keep our premises secure and provide a safe environment for our personnel and visitors to our premises.
|Monitoring and assessing compliance with our internal policies and standards||Identity data, Registration data, Financial data, Transaction data, Profile data, Behavioural data, Technical data.||Legal obligation: to comply with our internal policies, which many of them are based on applicable legislation.
Legitimate interest: to assess the compliance and the effectiveness of our internal policies.
|Identification of authorized persons to trade on behalf of our clients, suppliers or service providers
|Identity data, Registration data, Financial data, Transaction data, Profile data, Technical data.||Legal obligation: to ensure the authorization of the representatives and the payment of our suppliers.
Legitimate interest: to ensure that we have an effective working relationship with you or the organisation you represent.
|Fulfilment of our payment obligations to our suppliers and/or service providers||Identity data, Contract data, Registration data, Financial data, Transaction data.||Contract: to carry out our obligations arising out of any contract between the company and you.
Legal obligation: to satisfy the payment provisions of the agreement between you and the company.
Legitimate interest: to ensure that we have an effective working relationship with you or the organisation you represent.
|Administration of your Marex account||Identity data, Contract data, Registration data, Profile data, Behavioural data, Technical data.||Contract: to perform our obligations in accordance with any contract that we may have with you.
Legal obligation: to ensure the security of your account and the avoidance of any breach of your personal data.
Legitimate Interest: to provide access to the Website and Services in a secure and effective way and so that we can make improvements to our Website.
|Compliance with our legal and regulatory obligations||Identity data, Contract data, Registration data, Financial data, Transaction data, Profile data, Behavioural data, Technical data, Marketing data.||Legal obligation: to secure our adherence to different legislation around the world.
|Compliance with court orders and exercise/defend our rights||Identity data, Contract data, Registration data, Financial data, Transaction data, Profile data, Behavioural data, Technical data, Marketing data.||Legal obligation: to adhere to any court request and exercise our rights in relation to these requests.
|Host and management of our events||Identity data, Contract data, Registration data, Marketing data.||Contract: to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event.
Legitimate interest: to ensure that the event is operated in an efficient way.
With whom will we share your personal data?
We might share your personal data with third parties for the sole purpose of delivering our services to you according to the legislative guidance. When we share personal data with vendors or otherwise, we put contractual arrangements and security mechanisms in place to protect the personal data, and we will use reasonable endeavours to ensure that those third parties only use your personal data for the specific purposes for which it is provided to them, as consistent with this Policy and the requirements of the GDPR.
We may share your personal data in the following circumstances:
- between the Marex group companies on a confidential basis where required for the purposes of providing the Services to you and for administrative, billing and other business purposes;
- with any third party to whom we assign or novate any of our rights or obligations;
- instruct third party service providers (such as those who provide applications, functionality, data processing or IT services) to process personal data on our behalf and in accordance with our instructions. We will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers;
- with courts, law enforcement authorities, auditors, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, for the purposes of a confidential alternative dispute resolution process, or to seek advice and assistance in relation to the lawful and effective management of our business;
- with payment providers and banks;
- with event partners and suppliers;
- with recruitment agencies and related organisations;
- with other third parties, for instance to comply with requests from third parties with authority to obtain disclosure, to investigate an alleged crime, or to establish, exercise or defend legal rights.
Otherwise, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulation or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
Processing of your personal data outside the UK and/or EEA
Marex is a globally active commodities broker. We may transfer your personal data abroad in connection with the provision of Services to you. This may include countries outside the UK and/or the European Economic Area.
Keeping your personal data secure
We will take appropriate technical and organisational measures to keep your personal data confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to personal data. Personal data may be kept on our systems or in paper files. Our employees respect your privacy and are required to safeguard your personal data pursuant to the terms of their employment contracts with Marex.
Subject to certain legal conditions, you have the right:
- access the personal data we process of you by requesting a copy;
- have your personal data rectified;
- have your personal data erased;
- object to the processing of your personal data;
- have your personal data processing restricted;
- withdraw your consent to process your personal data for a purpose you previously consented to. Withdrawing consent does not affect the lawfulness of processing, which was done before consent was revoked;
- receive a limited set of data transferred directly to another controller or processor, or directly to yourself;
- object to being subjected to profiling and automated decision-making and require a human review of any automated decision. We do not however process personal data in a manner, which would make this right applicable.
To exercise your rights, you can contact our Group Data Protection Officer (DPO) by emailing:
Updates to this Notice
This Notice was last updated in September 2021. We reserve the right to update and change this Policy from time to time, to reflect any changes to the way in which we process your personal data or changing legal requirements. In case of any such changes, we will post the updated Policy on the Website or publish it otherwise. The changes will take effect as soon as they are published.