Privacy Policy

Privacy Policy

Part 1 - City Index Privacy Policy (All Customers)

GAIN Capital Australia Pty Ltd (ABN 50 141 774 727) trading as City Index, and its related entities including GAIN Capital UK Ltd (UK Reg
1761813), GAIN Capital Singapore Pte Ltd. (Sing Co Reg 200400922K) and any other related entities from time to time (‘CI’, 'we', 'us' or
'our') recognise the importance of your privacy and abides by the Australian Privacy Principles contained in the Privacy Act 1988 as
amended from time to time (the Privacy Act).

This document sets out our policy for the collection, use, disclosure and management of your personal information. Personal information is
defined in the Privacy Act as any information or opinion (whether true or not, and whether recorded in a material form or not) about you as
an identified individual or an individual who is reasonably identifiable.

By choosing to provide your personal information to us and receiving products and services from us, you consent to our collecting, holding,
using and disclosing your personal information in accordance with this Privacy Policy.

The kinds of personal information that CI collects and holds

In order to conduct business with you and provide you with our products and services, CI is required by Australian law to collect your
personal information to identify and verify you. The kinds of personal information that we may collect and hold about you may include your
name, address, date of birth, contact details, income, assets and liabilities, bank account balances, financial statements, credit reporting
information and employment details.

How CI collects personal information

We may collect your personal information directly from you when you give it to us in your application form, open and maintain an account
with us, when you use our products and services, call us or visit our website to inquire about a product or service offered by us or so that we
may conduct business with you. We may also need to do so to meet legal requirements.

We may also collect your personal information from third parties, including credit reporting bodies and any other relevant third parties.

CI maintains records of your personal information and all transactions and activities on accounts that you have with CI, including details of
contracts traded and margin calls made.

Please note that because of the nature of the products and services we provide, and because we are required or authorised by or
under an Australian law to deal with individuals who have identified themselves, we are unable to allow you the option of dealing
with us on an anonymous basis.

Why is personal information required?

The purposes for which CI collects, holds, uses and discloses your personal information are:

  • Legal – we are required to confirm your identity and other personal information by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. We may also disclose your personal information to credit reporting bodies or service providers to confirm your credit rating.
  • Conducting business –The personal information we hold may be used for establishing and managing your account, reviewing your ongoing needs, enhancing customer service and products and providing ongoing information or opportunities that we believe may be relevant to you. As a result, we may send you marketing material from time to time by email, telephone, SMS or other electronic messaging services.

If you do not provide us with all the information we consider to be necessary, we may be unable to provide, or be limited in the provision of,
services or products that we offer.

If you do not wish to receive any marketing material from us, please let us know by emailing our customer service team at

Importantly, except as set out in this Privacy Policy, we will not use or disclose your personal information unless permitted or
required to do so by or under an Australian law.

How CI holds personal information

CI takes reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access,
modification or disclosure. Such reasonable steps include having measures in place to ensure that your personal information can only be
accessed by our personnel who are properly authorised and are required to have access in the performance of their employment duties. We
may store your personal information in hardcopy documents or electronically.

We may need to retain your personal information for a significant period of time. However, if we consider that your personal information is no
longer needed for any of the purposes described above, and we are not required by or under an Australian law to retain the information, we
will take reasonable steps to securely destroy your personal information or to ensure that the information is de-identified.

CI may disclose personal information to overseas recipients and other entities

CI may disclose your personal information to its related entities either in Australia or abroad, including the United Kingdom, Asia, the Middle
East and elsewhere in the world from time to time. We will take reasonable steps to ensure that all personal information disclosed to such
overseas recipients will be handled by those recipients in accordance with this Privacy Policy.

Other entities to whom CI may disclose your personal information include:

  • financial institutions and other similar organisations that CI deals with in the course of its business activities, or those that are nominated by you;
  • external service providers and professional advisers (which may be located overseas) that provide services to us;
  • any organisation at your request or any persons acting on your behalf, including your financial adviser, broker, solicitor or accountant;
  • introducing brokers with whom we have a mutual relationship (any of whom may be within or outside the European Economic Area) and who have introduced you to us;
  • government, enforcement or regulatory bodies;
  • credit reporting bodies or reference agencies;
  • any other entities where you have otherwise consented; and
  • any other entities if it is otherwise permitted or required by or under an Australian law, including the Privacy Act.

CI Websites

When submitting an application form (whether online or via a mobile application or otherwise) or other documents, or when visiting our
website or dealing in our products, CI will collect and retain this information.

We also collect statistical information about visitors to our websites such as the number of visitors, pages viewed, types of processes
executed, time online and documents downloaded. This information is used to evaluate and improve the performance of our websites. Unless
you have provided your personal information to us, we do not collect any personal information through our websites other than statistical

You should also be aware that we use cookies on our websites. A cookie is a small amount of data, which often includes a unique
identification number or value that is sent to your browser from a website’s computer and stored on your computer’s hard drive.

Each website can send its own cookies to your browser if your browser allows it. However, to protect privacy generally, your browser may
only allow a website to access the cookies it has sent to your computer.

Cookies are used on our websites to collect the aforementioned statistical information so that you can access your accounts online. When
accessing accounts online, a cookie will be created which uniquely identifies the computer, username and password. This eliminates the
need to re-enter the aforementioned data each time accounts are accessed online.

Most internet browsers are set up to accept cookies. If you do not wish to receive cookies, you may be able to change the browser settings to refuse all cookies or have your computer notify you each time a cookie is sent, thereby giving the choice whether to accept it or not. If you reject all cookies, you will be unable to access accounts online. You can also delete cookies from computers after they have been created.

Telephone conversations

CI may record telephone conversations and ‘live’ chats. We will advise you at the time of the telephone conversation that the call may be
recorded and, if you do not wish to have it recorded, you can let us know. Such recordings or transcripts from such recordings may be used
to resolve any dispute that you may have with us.

Recordings or transcripts made by CI may be destroyed under CI’s normal practice.

Access to your information and corrections

If you wish to access or correct your personal information which we hold, please contact us by telephone or email. CI Aus Privacy Policy August 2018

For customers in Australia: 1800 354 182
For customers elsewhere: +61 2 9270 3682
or email

We will process your request usually within 14 days. There is normally no fee for requesting access to your personal information, although
depending on the complexity of your request, we may charge a fee for processing the request, which is disclosed in our PDS.

Resolving your privacy complaints

If you wish to complain about a breach by us of the Australian Privacy Principles or a violation of this Privacy Policy, please contact the
Compliance Department or CI by telephone or email.

For customers in Australia: 02 9270 3600
For customers elsewhere: +61 2 9270 3600
or email

We will investigate the nature of your complaint and notify you within 30days of our findings. If you are not satisfied with our response to
your complaint, you can telephone the Office of the Australian Information Commissioner's hotline on 1300 363 992 or email them at

Notifiable Data Breaches scheme

The NDB scheme applies to all agencies and organisations with existing personal information security obligations under the
Australian Privacy Act 1988 (Privacy Act) from 22 February 2018, as such this includes CI.

The NDB scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result
in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The
Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.

CI will notify the Commissioner through the Notifiable Data Breach statement – Form available here.

The NDB scheme only applies to data breaches involving personal information that are likely to result in serious harm to any individual
affected. These are referred to as ‘eligible data breaches’.

Changes to this Privacy Policy

We reserve the right, at our discretion, to change any part of this Privacy Policy at any time. You should review this Privacy Policy
periodically so that you are updated on any changes.

Part 2 - City Index Supplemental Privacy Policy (EU Customers)

Who we are

GAIN Capital Australia Pty Ltd (ABN 50 141 774 727) trading as City Index (“we”, “us”, “our”) is committed to protecting your privacy and
maintaining the security of any personal information that we receive from you.

This privacy policy is supplemental to the City Index Privacy Policy (All Customers), and applies to individuals who are resident in the
European Union. In the event of any conflict between this policy and our existing privacy policy, the terms of this policy shall prevail.

If either privacy policy changes, we will place an updated version on our website.

The purpose of this policy

The purpose of this policy is to explain to you what personal information we collect and how we and our associated companies may use it.
Companies are associated with us if they are our subsidiaries or we are both subsidiaries of the same corporate entity.

We are the controller of any personal information which you provide to us which means that we decide the purposes and means of the processing of that personal information.

If any provision or part-provision of this policy is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not
affect the validity and enforceability of the rest of this policy.

How we obtain and store your information

We obtain your information through applications, emails, letters, telephone calls, SMS messages, cookies and conversations when
registering for our services and during the course of our relationship (including information gained when you use our learning tools, demo
accounts and trading simulators).

We may monitor or record phone calls with you and monitor (and maintain a record of) all emails and electronic communications sent by or
to us.

We follow strict security procedures in the storage and disclosure of information that you have given us to prevent unauthorised access.

What types of personal information we process

We may process the following types of personal information:
  • name;
  • contact details including email details, addresses and phone numbers;
  • age or date of birth;
  • gender;
  • occupation;
  • income, assets and liabilities;
  • bank account balances, financial statements, credit reporting information and employment details;
  • trading knowledge and experience;
  • user names and passwords;
  • information relating to your account including your account history, activity and orders;
  • IP address;
  • social security number, national insurance number, passport or other MiFIR national identifier;
  • transaction reporting reference;
  • power of attorney / agent details;
  • phone device type;
  • operating system;
  • device ID;
  • cookie ID;
  • Google 360 ID;
  • GUID; and
  • information about your use of our services, products and facilities (including information gained when you use our learning tools,
    demo accounts and trading simulators).

How we check your identity

To comply with applicable regulations we need to confirm the name and address of our customers and certain third parties. We may ask
you to provide physical forms of identity verification when you open your account. Alternatively, we may use a credit reference agency to
verify your identity. Our search is not seen or used by lenders to assess your ability to obtain credit.

Using your personal information

As well as checking your identity, the personal information we hold may be used for:
  • considering any of your applications;
  • carrying out risk assessments;
  • complying with our legal and regulatory obligations;
  • performing our obligations under any contract we have with you;
  • administering our relationship with you including resolving queries or issues;
  • establishing and managing your account;
  • reviewing your ongoing needs;
  • providing you with the information, products and services that you request from us;
  • checking your instructions to us;
  • investigating any complaint you may make;
  • providing evidence in any dispute or anticipated dispute between you and us;
  • recovering amounts payable;
  • training our staff;
  • enhancing our customer service and products;
  • undertaking product development and analysis; and
  • detecting or preventing fraud or other crimes.

Where you have consented to direct marketing, we may send you marketing material from time to time by post, email, telephone, SMS or
other electronic messaging services.

We also use technology to make decisions automatically or to build profiles about you. This technology uses logic that assesses whether
our products are suitable for a potential customer, which helps us to determine whether or not it is appropriate for a potential customer to CI Aus Privacy Policy August 2018
open an account with us. This means that you may not be able to open an account with us if our technology determines that it would not be
appropriate for you to do so based on your financial knowledge and trading experience. If you ever think our machines have got it wrong,
you can ask for a human to look into it. (See “Your Rights - Rights in relation to automated decision making and profiling”.)

When we may share your information

We may share your personal information with:

  • any regulatory, law enforcement or tax authority;
  • such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police;
  • our associated companies;
  • third-party service providers and advisers who provide us with administrative, financial, research or other services in connection with
  • the services we provide to you;
  • our introducing brokers and other commercial partners;
  • our professional advisers;
  • credit reference agencies;
  • our auditors for the purposes of carrying out financial and regulatory audits;
  • our agents, including credit reference agencies, acting on our behalf, carrying out such credit and identity checks, including money laundering checks, compliance regulatory reporting and fraud prevention checks, as we may reasonably consider necessary or desirable, including requesting a reference from your bank or any credit reference agency. Any third party referred to in this clause may share any personal information concerning you with us and other organisations involved in credit reference, the prevention of fraud and/or crime and/or money laundering or for similar purposes or to recover debts involved;
  • courts, tribunals, regulatory or tax authorities and government agencies to enable us to enforce our agreement with you or to comply with the requirements of a court, regulator, tax authority or government agency;
  • the purchaser or potential purchaser of one or more of our businesses or product/service lines and their professional advisers; and
  • our trade repository.

Please also note that disclosure to the trade repository or regulators may also result in certain anonymous transaction and pricing data
becoming available to the public.

Generally, we require that organisations outside our associated companies with whom we share your personal information acknowledge the
confidentiality of your data and undertake to respect your right to privacy.

Information, which we obtain indirectly

In some cases, we are also provided with your name and contact details by our third party referrers.

We also gather information relating to you and your online behaviour:
  • to help optimise our website, to give you a good user experience and to personalise your use and our communications to you;
  • to help us monitor, support and improve the performance of our site (by analysing your use and experience of our site);
  • to help us understand more about you and the products and services you use and are interested in; and
  • to tailor the online advertising you receive.

Knowing more about you helps us to understand our customers better, and means we can give you recommendations about products and
services you may be interested in, and provide you with relevant advertising and customised communications that are of interest to you.

We combine information that you provide to us with information that is publicly available and/or that we receive from third parties such as
advertisers and/or other reputable sources who have obtained your permission to do so, or have otherwise explained to you that this may

Joint applicants

You should only give us personal information about someone else (such as a joint applicant) with their permission. Where information is
provided by you about someone else, or someone discloses information about you, it may be added to any personal information that is
already held by us and it will be used in the ways described in this privacy notice. Sometimes, when you open a joint account or product,
this may mean that your personal information will be shared with the other applicant. For example, transactions made by you will be seen by
your joint account holder and vice versa.

The legal basis for our processing of personal information

The legal basis for our processing of personal information will depend on why we process your information.

Where you wish to enter into or have signed a contract to receive services from us, we will process your personal information to enable us
to enter into and perform our contract with you. If you don’t provide the personal information requested then we may not be able to provide
some or all of those services to you.

Where you use our website, we will process your personal information collected by using cookies.

We may also need to process your personal information to comply with our legal and regulatory obligations including in relation to:
  • performing anti-money laundering, terrorism prevention and sanctions screening checks, complaints and investigations or litigation;
  • obtaining information about your relevant investment knowledge and experience so that we can assess whether a service is appropriate for you;
  • obtaining information about your other investment activities in order to ascertain your status for the purposes of regulations which apply to trading in over-the-counter derivatives; and
  • submitting and disclosing reportable data to our trade repository.
We also have a legitimate interest to process your personal information for:
  • performing the services or supplying the products or information you have agreed to receive from us;
  • ongoing management of our relationship with you and to maintain contact with you;
  • our internal business purposes which may include business and disaster recovery, document retention/storage, IT service continuity (e.g. back-ups and helpdesk assistance) to ensure the quality of the services we provide to you;
  • corporate transactions;
  • marketing analytics including marketing campaign optimisation and web analytics to enable us to develop and target the marketing of our products and services;
  • keeping our records updated and studying how customers use our products/services;
  • developing our products and services, growing our business and informing our marketing strategy;
  • defining the types of customers for our products and services and keeping our website(s) and platform(s) updated and relevant; and
  • portfolio analysis and experience studies to enable us to improve the products and services we offer to customers.

If you have consented to direct marketing, we will use relevant personal information to enable us to provide you with personal information
about products, news and services that may be of interest to you.

Using companies to process your information outside the EEA

All countries in the European Economic Area (“EEA”) have similar standards of legal protection for your personal information. The personal
information that we collect from you may be transferred, and stored, outside the EEA. It may also be processed by staff operating outside
the EEA who work for us. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment
details and the provision of support services. Where we transfer personal information or share it with others outside the EEA, we will ensure
that a similar degree of protection is afforded to it by use of model clauses approved by the European Commission, by transferring to
countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or by
transferring to third parties who are part of the Privacy Shield.

How long will we keep it?

We shall hold information about you on electronic and/or paper files whilst you are a customer and for at least six years after you cease to
be a customer.

How to get more help

If you have questions, please contact us:

For customers in Australia: 1800 354 182
For customers elsewhere: +61 2 9270 3682

If you are unhappy about any aspect of the way we collect, share or use your personal information, we would like you to tell us.


This section explains your rights in relation to your personal information in more detail. The various rights are not absolute and are subject
to certain exceptions or qualifications.

You are entitled to receive personal information free of charge except in the following circumstances where we may charge a reasonable
fee to cover our administrative costs of providing the personal information for:

  • manifestly unfounded or excessive/repeated requests, or
  • further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month
from when we receive your request but, if the request is going to take longer to deal with, we’ll let you know.

In order to exercise any of the rights described below please contact us:

For customers in Australia: 1800 354 182
For customers elsewhere: +61 2 9270 3682

Accessing your information

When can you request access?

You have the right to:
  • confirmation that your personal information is being processed
  • access to your information, and
  • other certain information (most of which should be in our privacy policy anyway).

You can request copies of paper and electric records about you that we hold, share or use. To deal with your request, we can request proof
of identity and enough personal information to enable us to locate the personal information you request.

When will access not be provided?

We can only provide you with your information, not personal information about another person. Also, where access would adversely affect
another person’s rights, we’re not required to provide this. Due to legal privilege, we may not be able to show you anything that we learned
in connection with a claim or legal proceeding.

Please clearly set out in your access request the personal information that you’re requesting. If this is not clear, we may come back to you
to ask for further personal information by way of clarification.

Correcting your information

You have the right to obtain from us without undue delay the rectification of inaccurate personal information concerning you. If you tell us
that the personal information we hold on you is incorrect, we will review it and if we agree with you, we will correct our records. If we do not
agree with you we will let you know. If you wish, you can tell us in writing that you believe our records still to be incorrect and we will include
your statement when we give your personal information to anyone outside the GAIN Capital group of companies. You can contact us using
the details in the section above in the main body of the privacy notice headed ‘Obtaining further personal information from us’.

You may also have the right to have incomplete personal information completed, including by means of providing a supplementary
statement. Whether or not this is appropriate in any particular case depending on the purposes for which your personal information is being

We need to notify any third parties with whom we’ve shared your personal information that you’ve made a rectification request. We’ll take
reasonable steps to do this, but if it is not possible or may involve disproportionate effort we may not be able to do this or ensure they rectify
the personal information they hold.

How you can see and correct your information

Generally, we will let you see the personal information that we hold about you, or take steps to correct any inaccurate information, if you ask
us in writing.

Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.

Erasing your information

When can you request erasure?

You have a right to have your personal information erased, and to prevent processing, where:
  • the personal information is no longer necessary for the purpose it was originally collected/processed;
  • you withdraw consent (where previously provided);
  • you object to the processing and our legitimate interests in being able to keep processing your personal information don’t take priority;
  • we’ve been processing your personal information in breach of data protection laws; or
  • the personal information has to be erased in order to comply with a legal obligation.

When can we refuse erasure requests?

The right to erasure does not apply where we are required to retain it for legal or regulatory purposes or where your information is
processed for certain specified reasons, including for the exercise or defence of legal claims.

More importantly, if we have to erase your data we may not be able to provide you with our services.

Do we have to tell other recipients of your personal information about your erasure request?

Where we have provided the personal information you want to be erased to third parties, we need to inform them about your erasure
request, so they can erase the personal information in question. We’ll take reasonable steps to do this, but this may not always be possible
or may involve disproportionate effort.

It may also be that the recipient is not required/able to erase your personal information because one of the exemptions above applies.

Restricting processing of your information

When is restriction available?

You have the right to restrict the processing of your personal information:

  • where you disagree with the accuracy of the information, we need to restrict the processing until we’ve verified the accuracy of the information;
  • when processing is unlawful and you oppose erasure and request restriction instead;
  • if we no longer need the personal information but you need this to establish, exercise or defend a legal claim; or
  • where you’ve objected to the processing in the circumstances detailed in paragraph (a) of “Objecting to processing”, and we’re considering whether those interests should take priority.

Do we have to tell other recipients of your personal information about the restriction?

Where we’ve disclosed your relevant personal information to third parties, we need to inform them about the restriction on the processing of
your information, so that they don’t continue to process this.

We’ll take reasonable steps to do this, but this may not always be possible or may involve disproportionate effort.

We’ll also let you know if we decide to lift a restriction on processing.

Taking your personal information with you

When does the right to data portability apply?

The right to data portability only applies:
  • to personal information you’ve provided to us (i.e. not any other information);
  • where the processing is based on your consent or for the performance of a contract; and
  • when processing is carried out by automated means.

When can we refuse requests for data portability?

We can refuse your data portability request if the processing does not satisfy the above criteria. Also, if the personal information concerns
more than one individual, we may not be able to transfer this to you if doing so would prejudice that person’s rights.

Objecting to processing

You can object to processing in the following circumstances:

(a) Legitimate interests

You’ve the right to object, on grounds relating to your particular situation, at any time to processing of personal information concerning you
which is based on legitimate interests.
If we can show compelling legitimate grounds for processing your personal information which override your interests, rights and freedoms,
or we need your personal information to establish, exercise or defend legal claims, we can continue to process it. Otherwise, we must stop
using the relevant information.

(b) Direct marketing

You can object at any time to your personal information being used for direct marketing purposes (including profiling related to such direct

If you sign up to receive newsletters or other e-mail messages from us, you can opt-out at any time free of charge by clicking the
unsubscribe link at the bottom of the message or by contacting us:

For customers in Australia: 1800 354 182
For customers elsewhere: +61 2 9270 3682

Automated decision making and profiling

You’ve the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for
you or similarly significant effects.

As explained in the main part of our Privacy Policy, we use technology that does this. We only do so where:

  • this is necessary for entering into, or performance of, a contract between us;
  • this is authorised by applicable law; or
  • we’ve obtained your explicit consent to do so for these purposes.

While we’re confident that the technology works, we understand that not everyone is comfortable with decisions being left entirely up to
machines. That is why you can request human intervention - let us know your concerns and contest the decision if you think our technology
has got it wrong.

CI Aus Privacy Policy August 2018

Can't find what you're looking for?
Speak to our friendly customer support team