This Policy is based on the privacy and data protection principles common to the countries in which we operate. This Policy is intended to summarize IBKR's data protection practices generally and to advise our clients, prospective clients, job applicants, website visitors and other third parties about IBKR's privacy policies that may be applicable to them.
This Policy is specifically addressed to those who provide Personal Information to IBKR or who visit or use IBKR's websites, trading platforms, software application and social media sites.
IBKR is responsible for the Personal Information that we may collect in the manner discussed below. IBKR includes: Interactive Brokers LLC, One Pickwick Plaza, Greenwich, CT 06830 United States; Interactive Brokers (U.K.) Limited, Level 20 Heron Tower, 110 Bishopsgate, London EC2N 4AY, United Kingdom; Interactive Brokers Ireland Limited, 10 Earlsfort Terrace, Dublin D02 T380, Interactive Brokers Central Europe Zrt. incorporated and registered in Hungary with company number 01-10-141029 whose registered office is at 1075 Budapest, Madách Imreút 13-14., Hungary; Interactive Brokers Luxembourg SARL, 4, Rue Robert Stuemper, L-2557 Luxembourg; and their respective affiliates (the "IBKR Entities"). Specifically, your Personal Information will be controlled by the IBKR Entity that is providing services or a communication to you. In some instances your Personal Information will be controlled by more than one IBKR Entity.
IBKR collects and processes Personal Information from you. This may include, among other things, information:
We may use your Personal Information for the following purposes ("Permitted Purposes"):
We may also process your Personal Information for the following purposes (after obtaining your express consent where such consent is legally required) in accordance with your preferences:
Where legally required, with regard to marketing-related communication, we will only provide you with such information after you have opted in or had an opportunity to object and we will also provide you with the opportunity to opt out at any time if you do not wish to receive further marketing-related communication from us. We like to keep our clients, personnel and other interested parties informed of company developments, including news relating to IBKR that we believe is of interest to them. If you do not wish to receive publications or details of events or seminars that we consider may be of interest to you, please let us know by following this link: https://www.interactivebrokers.com/en/index.php?f=464. Where legally required, we will not use your Personal Information for taking any automated decisions affecting you or creating profiles other than described above.
Depending on which of the above Permitted Purposes we use your Personal Information for, we may process your Personal Information on one or more of the following legal grounds:
In addition, the processing may be based on your consent where we have expressly sought and you have expressly given that to us.
We may share your Personal Information in the following circumstances:
Otherwise, we will only disclose your Personal Information when you direct us or give us permission to do so, when we are allowed or required by applicable law or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities
To the extent required by law, we will take appropriate technical and organizational measures to keep your Personal Information confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to Personal Information. Personal Information may be kept on our Information Technology systems, those of our contractors or in paper files.
For Personal Information subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR") or equivalent laws we may transfer your Personal Information outside the EEA or to a jurisdiction not subject to an adequacy decision of the European Commission for the Permitted Purposes as described above. This may include countries that do not provide the same level of protection as the laws of your home country (for example, the laws within the EEA or the United States). We will ensure that any such international transfers are made subject to appropriate or suitable safeguards if required by the GDPR or other relevant laws. You may contact us at any time using the contact details below if you would like further information on such safeguards.
With respect to persons covered by GDPR or equivalent laws, in case Personal Information is transferred to countries or territories outside of the EEA that are not recognized by the European Commission as offering an adequate level of data protection, we have put in place appropriate data transfer mechanisms to ensure Personal Information is protected.
If any of the Personal Information that you have provided to us changes, for example if you change your email address or if you wish to cancel any request that you have made of us, please let us know by contacting IBKR Client Service through the IBKR website at interactivebrokers.com/help. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Information that you provide to us.
We retain your Personal Information in an identifiable form in accordance with our internal policies which establish general standards and procedures regarding the retention, handling and disposition of your Personal Information. Personal Information is retained for as long as necessary to meet legal, regulatory and business requirements. Retention periods may be extended if we are required to preserve your Personal Information in connection with litigation, investigations and proceedings.
Depending on applicable law, you may have certain rights with respect to your personal information including:
We have designated a Data Protection Officer ("DPO") to enhance and promote compliance with and understanding of privacy and data protection principles. If you wish to do any of the above please send an email to firstname.lastname@example.org.
We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorized disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data and for any additional copies of the Personal Information you request from us.
We will consider any requests or complaints that we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator. We will provide you with details of your relevant regulator upon request.
As a federally-regulated provider of financial services, IBKR is broadly exempt from the California Consumer Privacy Act ("CCPA"). Personal information we collect from clients and prospective clients is protected under separate federal legislation. Over the past 12 months, the only type of information we have collected potentially subject to the CCPA is web-browsing information regarding passive visitors to our website who are California residents, but are not our clients and do not provide us with any specific personal information (name, email address, street address, social security number, etc.) to request information about our services, start an account application, or become a client. Information collected from these anonymous, passive visitors to our website may include IP address and browser-specific tags. We do not sell this information to third parties. We only use this information for internal purposes, such as to determine which advertisements are working and which content on our website is most interesting to visitors. Under the CCPA, California residents connected to this type of web-browsing data have a right to request access to it or request that it be deleted. However, we are unable (and not required) to process such requests because we cannot connect such passive web-browsing information collected with an email address or other personal information that we can use to verify that a requesting party is in fact connected to a specific web-browser or IP address.