Home Legal Privacy Policy
Privacy & Data Protection

Privacy Policy

How BINGMEX Limited collects, uses, shares, retains and protects personal data, in accordance with the Data Protection Act 2017 of the Republic of Mauritius and our wider regulatory obligations as an FSC-regulated Investment Dealer.

Data controller BINGMEX Limited Legal basis Data Protection Act 2017 (Mauritius) Effective February 2024

01Scope & controller

This Privacy Policy applies to personal data that BINGMEX Limited (the "Company", "we", "us") processes about you when you visit our website at bingmex.com, when you apply to open an Account with us, when you trade through MetaTrader 5 using credentials issued by us, and when you correspond with our client services or compliance teams.

For the purposes of the Data Protection Act 2017 of the Republic of Mauritius, BINGMEX Limited is the data controller in respect of personal data processed about its Clients and prospective Clients. We are registered with the Mauritius Data Protection Office in respect of our processing activities.

02What data we collect

The categories of personal data we may collect about you include:

  • Identity data — full name, date of birth, place of birth, nationality, gender, photograph, signature, government-issued identification numbers (passport, national ID, driving licence);
  • Contact data — residential address, email address, telephone number, country of residence;
  • Financial data — bank account details, payment instrument details, source of funds, source of wealth, transaction history, account balances, profit and loss;
  • Employment & background data — occupation, employer, professional qualifications, public position held (for PEP screening);
  • Tax data — country of tax residence, tax identification number(s), CRS / FATCA self-certification declarations;
  • Trading data — Orders placed, transactions executed, IP address used to access MT5, device identifiers, login timestamps, audit-trail metadata;
  • Communications data — emails, support tickets, telephone-call recordings (where the call relates to an Order or to a regulatory matter), live-chat transcripts;
  • Compliance data — sanctions and PEP screening results, adverse-media findings, internal disclosure forms, suspicious-transaction-report references.

We do not seek to collect special categories of personal data (such as health, biometric or political data). If we incidentally receive such data — for example, on a copy of an identification document — we treat it with the additional safeguards required by the Data Protection Act 2017.

03How we collect it

We collect personal data:

  • Directly from you — when you complete our online application, upload identification documents, fund your Account, place Orders or correspond with our teams;
  • From your use of our services — automatically, through the MetaTrader 5 platform and our website, including IP address, device and browser information, session metadata and audit trail;
  • From third parties — including identity-verification service providers, sanctions and PEP screening providers (such as Refinitiv World-Check and NameScan), payment processors, banks, introducers (where applicable), regulators and public registers.

04Why we use it

We process personal data for the following purposes:

  1. To provide our services — opening and operating your Account, executing your Orders, processing deposits and withdrawals, providing statements and analytics, and communicating with you about your Account.
  2. To comply with our legal & regulatory obligations — performing customer due diligence, conducting sanctions and PEP screening, monitoring transactions, filing Suspicious Transaction Reports, responding to lawful requests from the FSC, the Financial Intelligence Unit, the National Sanctions Secretariat, tax authorities and law-enforcement bodies, and meeting the record-keeping requirements of the FIAMLA, FIAML Regulations 2018 and FSC AML / CFT Handbook.
  3. To manage risk — assessing eligibility, monitoring trading activity, detecting fraud, market abuse or unauthorised access, and protecting the security of our platforms and infrastructure.
  4. To improve our service — analysing aggregated usage patterns, troubleshooting platform issues, improving the user experience and developing new features.
  5. To inform you about our service — sending operational communications and, where you have consented, marketing communications about our products. You may opt out of marketing communications at any time.

We rely on one or more of the following legal bases under the Data Protection Act 2017:

Contract
Where processing is necessary to perform our Client Agreement with you or to take steps at your request before entering into the Agreement.
Legal obligation
Where processing is necessary to comply with a legal or regulatory obligation to which we are subject — most notably the FIAMLA, FIAML Regulations 2018, UNSA 2019, the Securities Act 2005, the Financial Services Act 2007 and FSC requirements.
Legitimate interests
Where processing is necessary for our legitimate interests (or those of a third party) — for example, fraud prevention, system security, internal record-keeping and analytics — and provided those interests are not overridden by your rights and freedoms.
Consent
Where you have given us specific consent — for example, for non-essential marketing communications or for non-essential cookies. You may withdraw consent at any time.
Vital interests & public interest
Where processing is necessary to protect the vital interests of any person or to perform a task in the public interest (limited to specific lawful situations).

06Who we share it with

We share personal data with the following categories of recipient, and only to the extent necessary for the relevant purpose:

  • Service providers acting on our behalf — including identity-verification providers, sanctions screening providers, IT and cloud-hosting providers, MetaQuotes (operator of MT5), data-storage providers and analytics tools, all bound by written confidentiality and data-protection obligations;
  • Banks, payment processors and counterparties required to settle deposits, withdrawals and trades;
  • Liquidity providers and execution venues to the extent necessary to execute your Orders;
  • Auditors, legal advisers and professional advisers bound by professional duties of confidence;
  • Regulators, supervisory authorities, tax authorities and law-enforcement bodies where we are required or permitted by law to provide information — including the Financial Services Commission, the Financial Intelligence Unit, the National Sanctions Secretariat, ICAC and the Mauritius Revenue Authority;
  • Affiliated companies within our corporate group, where this is necessary for the purposes set out in section 4 and subject to appropriate safeguards;
  • Acquirers and successors in the event of a sale, merger, restructuring or other change of control affecting BINGMEX or any part of its business.

We do not sell personal data to third parties for their own marketing purposes.

07Cross-border transfers

Some of our service providers, liquidity providers and group entities are located outside the Republic of Mauritius. Where we transfer personal data outside Mauritius, we do so in accordance with Section 36 of the Data Protection Act 2017 — by transferring only to countries or recipients that ensure an adequate level of protection, by entering into appropriate contractual safeguards, or where you have explicitly consented to the transfer for a specific purpose.

08How long we keep it

We retain personal data for as long as is necessary to fulfil the purposes for which it was collected, including any related legal, regulatory, tax, accounting or reporting requirements. The minimum retention period for AML / CFT records (CDD documents, transaction records, internal disclosures, Suspicious Transaction Reports, training records) is seven (7) years from the end of the business relationship, the completion of the relevant transaction or the date the report was made, whichever is the latest.

Where data is no longer needed, we delete or anonymise it in line with our internal retention schedule. Anonymised data may be retained indefinitely for analytical purposes.

09How we protect it

We maintain appropriate technical and organisational measures to safeguard personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include encryption of data in transit and at rest where appropriate, access controls based on the principle of least privilege, multi-factor authentication for sensitive systems, network segmentation, audit logging, regular security testing and a documented incident-response plan.

Despite our best efforts, no method of transmission over the internet or electronic storage is completely secure. If we become aware of a personal-data breach affecting your data and likely to result in a risk to your rights and freedoms, we will notify you and the Data Protection Office without undue delay, in accordance with the Data Protection Act 2017.

10Cookies & the website

Our website uses cookies and similar technologies to make the site function correctly, to remember your preferences, to analyse usage, and (where you consent) to deliver marketing. We use:

  • Strictly necessary cookies — required for the site to operate (for example, session management, security tokens). These cannot be disabled within our cookie controls.
  • Analytics cookies — to understand how visitors use the site so that we can improve it. These are set only where you consent.
  • Functional cookies — to remember your language, region and similar preferences.

You can control non-essential cookies through your browser settings or through any cookie banner we display. Disabling cookies may affect the functionality of the website.

11Your rights

Under the Data Protection Act 2017 you have the following rights in respect of your personal data:

  • Access — to obtain confirmation that we are processing your data and a copy of that data;
  • Rectification — to ask us to correct inaccurate or incomplete personal data;
  • Erasure — to ask us to delete your personal data, subject to our legal and regulatory retention obligations;
  • Restriction — to ask us to restrict the processing of your personal data in certain circumstances;
  • Objection — to object to processing carried out on the basis of legitimate interests, including direct marketing;
  • Portability — to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, where technically feasible;
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time; this does not affect the lawfulness of processing carried out before the withdrawal;
  • Lodge a complaint — with the Mauritius Data Protection Commissioner if you believe we have infringed your data-protection rights.

To exercise any of these rights, please contact us using the details in section 14. We may need to verify your identity before responding. We will respond to a valid request without undue delay, and in any event within the time-frame required by the Data Protection Act 2017.

12Children & minors

Our services are not directed at, and we do not knowingly collect personal data from, persons under the age of 18. If you believe a minor has provided personal data to us, please contact us at legal@bingmex.com and we will take steps to delete it.

13Changes to this policy

We review this Privacy Policy periodically and update it to reflect changes in law, regulation, our services or our processing practices. The date of the most recent update is shown at the top of this page. Where the changes are material, we will notify you by email or by a notice on the website before the changes take effect.

14How to contact us

For any privacy-related enquiry — including to exercise your rights, raise a concern or report a suspected breach — please contact us through one of the channels below:

Privacy & Compliance
legal@bingmex.com — for the attention of the Compliance Officer (acting as Data Protection Officer)
Client Services
support@bingmex.com — for general account and service queries
Technical Support
it@bingmex.com — for platform access, security incidents and account-recovery matters
Registered Office
BINGMEX Limited
3rd Floor, Standard Chartered Tower, Bank Street, Cybercity, Ebene, Republic of Mauritius
Supervisory authority
Data Protection Office, Mauritius (dataprotection.govmu.org)
Issued by BINGMEX Limited · Investment Dealer (Full Service Dealer, excluding Underwriting) · Licence No. GB23202018 · Authorised and regulated by the Financial Services Commission of the Republic of Mauritius.