1. Our Commitment to GDPR Compliance
Altajir TFX Trading Academy is committed to protecting the personal data and privacy rights of all individuals in the European Union (EU) and European Economic Area (EEA). We comply with the General Data Protection Regulation (GDPR) and have implemented comprehensive measures to ensure your data is processed lawfully, fairly, and transparently.
This page explains our GDPR compliance measures and how we protect your rights as a data subject under European law.
2. Legal Basis for Processing
Under GDPR, we must have a legal basis for processing your personal data. We process your data based on:
2.1 Contract Performance (Article 6(1)(b))
We process your data to provide our educational services, including:
- Account creation and management
- Course delivery and progress tracking
- Customer support and communication
- Payment processing and billing
2.2 Legitimate Interests (Article 6(1)(f))
We process data for legitimate business interests, such as:
- Platform security and fraud prevention
- Service improvement and optimization
- Analytics and usage statistics
- Internal business operations
We always balance our interests against your privacy rights and will not process data if your interests override ours.
2.3 Consent (Article 6(1)(a))
We obtain your explicit consent for:
- Marketing communications and newsletters
- Non-essential cookies and tracking
- Sharing data with third parties for marketing
- Processing sensitive personal data (where applicable)
2.4 Legal Compliance (Article 6(1)(c))
We process data to comply with legal obligations, including:
- Tax and accounting requirements
- Anti-money laundering regulations
- Data retention obligations
- Regulatory reporting requirements
3. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
3.1 Right of Access (Article 15)
You have the right to obtain confirmation that we are processing your personal data and access to that data, including:
- The purposes of processing
- Categories of personal data
- Recipients of your data
- Retention periods
- Your other GDPR rights
3.2 Right to Rectification (Article 16)
You can request correction of inaccurate personal data and completion of incomplete data.
3.3 Right to Erasure (Article 17)
You can request deletion of your personal data when:
- The data is no longer necessary for the original purpose
- You withdraw consent and no other legal basis exists
- The data has been unlawfully processed
- Erasure is required for legal compliance
3.4 Right to Restrict Processing (Article 18)
You can request restriction of processing when:
- You contest the accuracy of the data
- Processing is unlawful but you prefer restriction over erasure
- We no longer need the data but you need it for legal claims
- You object to processing pending verification of legitimate grounds
3.5 Right to Data Portability (Article 20)
You can receive your personal data in a structured, commonly used format and transmit it to another controller when processing is based on consent or contract.
3.6 Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing purposes.
3.7 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to automated decision-making, including profiling, that produces legal or significant effects.
4. How to Exercise Your Rights
To exercise any of your GDPR rights, please:
4.1 Contact Methods
- Email our Data Protection Officer: dpo@altajirtfx.com
- Use our online data request form (available in your account)
- Send a written request to our registered address
- Contact our customer support team
4.2 Required Information
To process your request, please provide:
- Your full name and email address
- Proof of identity (to prevent unauthorized access)
- Specific details of your request
- Any relevant dates or reference numbers
4.3 Response Timeline
- We will acknowledge your request within 72 hours
- We will respond to your request within 30 days
- Complex requests may require up to 60 additional days
- We will explain any delays and provide regular updates
5. Data Protection Measures
5.1 Technical Safeguards
- End-to-end encryption for data transmission
- Advanced encryption for data storage
- Multi-factor authentication systems
- Regular security audits and penetration testing
- Secure backup and disaster recovery procedures
5.2 Organizational Measures
- Staff training on GDPR compliance
- Data protection impact assessments
- Clear data retention and deletion policies
- Access controls and authorization procedures
- Regular compliance monitoring and auditing
5.3 Data Minimization
We follow the principle of data minimization by:
- Collecting only necessary personal data
- Processing data only for specified purposes
- Retaining data only as long as necessary
- Regularly reviewing and deleting unnecessary data
6. International Data Transfers
When we transfer your data outside the EU/EEA, we ensure adequate protection through:
6.1 Adequacy Decisions
We transfer data to countries with adequate protection as determined by the European Commission.
6.2 Standard Contractual Clauses (SCCs)
We use EU-approved Standard Contractual Clauses with service providers in third countries.
6.3 Binding Corporate Rules
We may rely on binding corporate rules for intra-group transfers where applicable.
6.4 Certification and Codes of Conduct
We work with providers who have appropriate certifications and follow recognized codes of conduct.
7. Data Breach Procedures
In the event of a personal data breach, we will:
- Detect and investigate the breach within 24 hours
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay if there is high risk
- Document the breach and our response measures
- Implement additional safeguards to prevent future breaches
8. Children's Data Protection
We are committed to protecting children's privacy:
- Our services are not intended for children under 16
- We do not knowingly collect data from children under 16
- If we discover we have collected such data, we will delete it immediately
- Parents/guardians can contact us regarding their child's data
9. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have violated GDPR. You can contact:
- Your local data protection authority in your EU member state
- The supervisory authority in the country where the alleged violation occurred
- The supervisory authority in the country where you have your habitual residence
We encourage you to contact us first so we can address your concerns directly.
10. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee GDPR compliance. Our DPO:
- Monitors compliance with GDPR and other data protection laws
- Conducts data protection impact assessments
- Serves as the contact point for supervisory authorities
- Provides guidance on data protection matters
- Handles data subject requests and complaints
Contact our DPO: dpo@altajirtfx.com
11. Regular Compliance Reviews
We regularly review and update our GDPR compliance measures:
- Annual compliance audits and assessments
- Regular staff training and awareness programs
- Continuous monitoring of data processing activities
- Updates to policies and procedures as needed
- Engagement with privacy and security experts
12. Contact Information
For any questions about GDPR compliance or to exercise your rights, please contact us:
