Privacy Policy
Oprafin Privacy Policy
Last Updated: April 10, 2025
Welcome to the Oprafin website operated by Oprafin Ltd. We are committed to safeguarding the privacy and security of the data we handle in our capacity as a technology solution provider for Online Trading Brokers, including CFD brokers and Prop Trading Firms. This Privacy Policy outlines how we collect, process, store, and protect data in connection with our services, including the setup and maintenance of trading platforms and the provision of our dashboard product displaying anonymized client trading activity. As a Cyprus-based company, we adhere to the EU General Data Protection Regulation (GDPR) while serving corporate clients globally.
By accessing our website, you acknowledge and agree to the data practices described herein. We may update this Privacy Policy periodically at our discretion to reflect changes in our operations or legal obligations. Any revisions will be posted on this page, and we encourage you to review it regularly for the latest information.
Data Controller and Data Protection Contact
Oprafin Ltd is the data controller responsible for the processing of personal data as described in this Privacy Policy. For any inquiries, requests, or to exercise your data protection rights, please contact our designated Data Protection Officer (DPO):
Email: privacy@oprafin.com
Address: Karaiskaki 6, City House, 3032, Limassol, Cyprus
Our Business and Data Processing Overview
Oprafin Ltd provides technological solutions and operational support to corporate clients, specifically firms in the financial industry. Our services include setting up and maintaining trading platforms and offering a bespoke product, Retina, that displays anonymized trading activity data (e.g., trading volumes by country derived from IP addresses).
We do not collect or process personal data of individual traders (e.g., names, dates of birth and ID numbers). Instead, our data processing focuses on:
Corporate Client Data: Information about our clients, which are companies, including names of directors, shareholders, their KYC documentation (e.g., identification documents), and corporate documentation (e.g., certificates of incorporation, group structure if applicable).
Anonymized Trading Activity: Aggregated data displayed in our dashboard, such as trading activity by country, without any link to identifiable individuals.
Our operations are based in Cyprus, with both our primary and backup servers located there. As a tech solution provider, we do not fall under direct financial regulatory oversight but comply with GDPR as an EU entity processing personal data of corporate representatives.
Principles of Data Processing
We process personal data with a commitment to:
Purpose Limitation: Collecting only what is necessary for our contractual and legitimate business purposes.
Minimization: Ensuring data is relevant and limited to what is required.
Accuracy: Keeping data correct and up-to-date where applicable.
Retention: Storing data only as long as necessary for its purpose or legal obligations.
Security: Implementing robust technical and organizational measures to protect data integrity, confidentiality, and availability.
Rights of Individuals: Respecting the rights of natural persons whose data we process (e.g., directors, shareholders).
Our processing adheres to the principles of Confidentiality, Integrity, and Availability (CIA), ensuring compliance with GDPR and other applicable data protection laws where relevant to our global client base.
Legal Basis for Processing
We process personal data under the following GDPR legal bases:
Contractual Necessity (Art. 6(1)(b)): To fulfill agreements with our corporate clients, such as providing trading platform services or dashboard access.
Legitimate Interests (Art. 6(1)(f)): To manage our business relationships, enhance our services, and ensure the security of our systems, provided these interests do not override the rights of individuals.
Consent (Art. 6(1)(a)): Where explicitly obtained, such as for optional marketing communications.
Legal Obligation (Art. 6(1)(c)): To comply with applicable laws, such as tax or corporate record-keeping requirements in Cyprus.
Data Sharing
We may share corporate client data with:
Affiliates and Service Providers: Trusted partners who assist with technical support, liquidity, server maintenance, or other operational needs, bound by contracts ensuring GDPR-compliant processing.
Authorities: When required by law or to protect our rights, property, or security (e.g., in response to legal investigations).
Given our global clientele, data may be transferred outside the EEA (e.g., to the USA or UAE). In such cases, we implement safeguards equivalent to EU Standard Contractual Clauses (SCCs) to ensure adequate protection. For more details on SCCs, visit: ec.europa.eu/info/law/law-topic/data-protection
Data Retention and Deletion
We retain corporate client data (e.g., KYC documents, corporate records) for as long as necessary to fulfill our contractual obligations or comply with legal requirements (e.g., Cyprus tax laws). Anonymized trading activity data is retained for statistical analysis and service improvement, with no link to individuals. Data is securely deleted or anonymized once its purpose expires, unless retention is legally mandated.
Website Data Collection
Log Files
When you visit our website, our system automatically collects technical data for operational purposes:
Browser type and version
Operating system
IP address
Date and time of access
Referring websites
Pages accessed on our site
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in website functionality and security).
Purpose: To deliver the website, optimize performance, and protect our IT infrastructure.
Retention: Data is deleted after the session ends, or within 7 days for log files, unless anonymized for longer-term security analysis.
Cookies
Our website uses cookies to enhance usability:
Essential Cookies: Required for site navigation and functionality.
Performance Cookies: To monitor and improve site speed and performance.
Third-Party Cookies: May link to platforms like LinkedIn or Google Analytics (with IP anonymization enabled) for analytics purposes.
Legal Basis: Essential cookies – Art. 6(1)(f) GDPR; non-essential cookies – Art. 6(1)(a) GDPR (consent).
Control: You can manage cookie preferences via your browser settings.
Retention: Varies by cookie type; essential cookies persist for the session, others may last longer unless deleted.
Upon your first visit, we’ll notify you about cookie usage and link to this Privacy Policy.
Contacting Us
You may reach us via email at privacy@oprafin.com. Data provided (e.g., name, company, email) is processed solely to respond to your inquiry.
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in communication), or Art. 6(1)(b) GDPR if related to a contract.
Retention: Data is deleted once the inquiry is resolved, unless required for legal purposes.
Objection: You may object to processing by contacting us.
Data Subject Rights
As a representative of a corporate client (e.g., director, shareholder), you have rights under GDPR regarding your personal data:
Right to Information: Confirm whether we process your data and access details.
Right to Access: Obtain a copy of your data.
Right to Rectification: Correct inaccurate data.
Right to Erasure: Request deletion where lawful.
Right to Restriction: Limit processing in certain cases.
Right to Data Portability: Receive your data in a structured format.
Right to Object: Oppose processing based on legitimate interests.
Right Against Automated Decisions: Challenge automated profiling (not applicable to our services).
To exercise these rights, contact privacy@oprafin.com. We’ll respond within one month, extendable under GDPR if complex. You may also lodge a complaint with the Cyprus Data Protection Authority or your local supervisory authority.
Office address: Kypranoros 15, Nicosia 1061, Cyprus
Postal address: P.O.Box 23378, 1682 Nicosia, Cyprus
Telephone number: +357 22818456
Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy
Security and Infrastructure
Our servers (primary and backup) are located in Cyprus, secured with industry-standard measures to protect against unauthorized access, loss, or breaches. In case of a data breach, we’ll notify affected parties and authorities as required by GDPR.
Global Considerations
While GDPR governs our operations, we recognize that our corporate clients operate in jurisdictions with varying data protection laws (e.g., UAE, USA). We strive to maintain a consistent, high standard of privacy protection worldwide, using contractual safeguards where necessary.
This Privacy Policy reflects Oprafin Ltd’s commitment to transparency and compliance while serving our corporate clients globally. For further assistance, reach out to privacy@oprafin.com.