The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
GPS has an understanding and a respect for the privacy of personal information. Confidentiality and security of information are extremely important to us. GPS has a GDPR compliance plan in place to meet the May 25th deadline.
Recognizing the impact of GDPR, GPS identified a team of executives to lead its GDPR compliance efforts and worked with a consulting firm. GPS closely reviewed GDPR (including regulator interpretations) as well as its existing common control framework to identify changes or improvements in GPS’ data protection program.
GPS only stores data that is required for normal operation of our platform. No personal data is stored besides private names and emails for login, trade notifications and support. Payment details are stored at our client’s request. This data is limited to the details needed to execute the delivery of payment on behalf of our client.
GPS’ marketing department does store email addresses to send out its Overnight Market Summary. This summary contains information regarding the foreign currency markets and is not used for solicitation. Our consent process for these emails is fully compliant with GDPR and all marketing emails have a clear unsubscribe link. Customers wishing for all marketing contact details to be modified, reviewed or deleted should email [email protected].
Yes. We retain minimal basic user information to communicate with our customers regarding their transactions. However, GPS users may opt out of communications by contacting GPS at [email protected].
GPS-hosted instances are hosted in the Microsoft Azure cloud. By default, GPS hosts in the US West region with geo redundancy in other regions. All data hosted with GPS is encrypted and behind a firewall.
Yes. Our data security program is designed to ensure that the policies, controls and processes are appropriate to the type of personal data and data processing collected.
Security is a top priority for GPS. As such, we employ numerous security measures to ensure that GPS is completely secure.
Annually, GPS undergoes an examination of its corporate foreign exchange services and systems and of the suitability of the design and operating effectiveness of its controls. The examination is performed in compliance with the American Institute of Certified Public Accountants (AICPA) and the Service Organization Control Standards (SOC1 SSAE 18 Type II audit).
GPS Development and Management teams collaborate with our Compliance privacy leads to assess and mitigate potential privacy risks during the various phases of product development starting from concept, through requirements gathering, and throughout implementation. The collaboration typically includes regular meetings where the teams collaborate on developing products/services that meet and/or exceed applicable data privacy requirements.
GPS’ privacy professionals assess a variety of activities involving personal data for risk and frequently make recommendations for how to reduce any risks identified. Under GDPR, when these assessments identify a high risk, GPS will conduct full data protection impact assessments.
GPS keeps a permanent record of all transactions, including the username of those conducting the transaction. If a client wishes to have a username and email removed from the system, they can do so by contacting [email protected].