Privacy Policy

Interactive Brokers Group Privacy Policy

At Interactive Brokers, we understand that confidentiality and security of the personal information ("Personal Information") that you share with us is important. The Interactive Brokers Group affiliates (collectively, "IBKR"), are committed to protecting the privacy of Personal Information, including Personal Information related to individuals who may be clients, employees, agents, job applicants or others inside or outside of IBKR. That is why we have developed specific policies and practices designed to protect the privacy of your Personal Information. By opening an account at IBKR or by utilizing the products, services and applications available through IBKR, you have consented to the collection and use of your Personal Information in accordance with this privacy policy ("Privacy Policy" or "Policy"). We encourage you to read this Privacy Policy carefully.

This Policy is based on the privacy and data protection principles common to the countries in which we operate. This Policy is intended to summarize IBKR's data protection practices generally and to advise our clients, prospective clients, job applicants, website visitors and other third parties about IBKR's privacy policies that may be applicable to them.

This Policy is specifically addressed to those who provide Personal Information to IBKR or who visit or use IBKR's websites, trading platforms, software application and social media sites.

Who is responsible for your Personal Information?

IBKR is responsible for the Personal Information that we may collect in the manner discussed below. IBKR includes: Interactive Brokers LLC, One Pickwick Plaza, Greenwich, CT 06830 United States; Interactive Brokers (U.K.) Limited, 20 Fenchurch Street, Floor 12, London EC3M 3BY, United Kingdom; Interactive Brokers Ireland Limited, 10 Earlsfort Terrace, Dublin D02 T380, Ireland; Interactive Brokers Central Europe Zrt., 1075 Budapest, Madách Imre út 13-14., Hungary; Interactive Brokers Luxembourg SARL, 4, Rue Robert Stumper, L-2557 Luxembourg; and their respective affiliates (the "IBKR Entities"). Specifically, your Personal Information will be controlled by the IBKR Entity that is providing services or a communication to you. In some instances your Personal Information will be controlled by more than one IBKR Entity.

How do we collect your Personal Information and what Personal Information do we collect?

IBKR collects and processes Personal Information from you. This may include, among other things, information:

  • provided during the IBKR account application process or during use of any of IBKR's website applications (for example, your name, email address, telephone number, birth date, tax ID number, investment objectives, etc.);
  • acquired as a result of the transactions you conduct through the IBKR systems or in connection with services offered by IBKR (for example, if you participate in IBKR's debit card program);
  • received from consumer-reporting agencies;
  • collected through Internet cookies (for further information on our use of cookies, please see our Cookie Policy).

For what purposes will we use your Personal Information?

We may use your Personal Information for the following purposes ("Permitted Purposes"):

  • To provide services to you in accordance with any agreement(s) you or your organisation may have with us, for our own administrative, record-keeping and compliance procedures;
  • To provide you or your organisation with brokerage and other services available on our platforms, and/or to deal with any requests or inquiries you may have;
  • To pursue legitimate interests, including to carry out, monitor and analyze our business or operations including the activities set out in this Privacy Policy;
  • To enforce or apply any agreement and/or to protect our (or others') property or rights and to defend any potential claim;
  • To conduct our recruiting processes;
  • To respond to requests for information from you and to follow up with you afterwards to see if we can provide any further assistance;
  • To contact you (unless you tell us that you prefer us not to) regarding features and functionality that may be of interest to you;
  • To enter into or carry out contracts of various kinds;
  • To conduct monitoring by us or any other person on our behalf using various methods, including: (i) the use of "intelligent" automated monitoring tools; or (ii) through random monitoring of systems, for example systematically via electronic communication recording tools; (iii) specific monitoring of systems for example in relation to investigations, regulatory requests, subject access requests, litigation, arbitration or mediation or; (iv) data tracking, aggregation and analysis tools that pull data from various disparate data sources to draw linkages and/or detect behavioral patterns, interactions or preferences for analysis (including predictive analysis); and/or (v) using other similar monitoring technology that may become available from time to time;
  • For statistical purposes and for market research and product analysis and to develop and improve our products and services;
  • For the purposes of preventing and detecting money-laundering, terrorism, fraud or other crimes and/or abuses of our services;
  • To comply with any legal, regulatory or good practice requirement whether originating from Ireland or elsewhere (including but not limited to, the United States), and to fulfil our obligations under any reporting agreement entered into with any tax authority or revenue service(s) from time to time;
  • To comply with applicable laws in any country;

We may also process your Personal Information for the following purposes (after obtaining your express consent where such consent is legally required) in accordance with your preferences:

  • To communicate with you through the channels you have approved to keep you up to date on the latest developments, announcements and other information about IBKR services, products and technologies;
  • To conduct client surveys, marketing campaigns, market analysis, or promotional activities;
  • To collect information about your preferences to create a user profile to personalize and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).

Where legally required, with regard to marketing-related communication, we will only provide you with such information after you have opted in or had an opportunity to object and we will also provide you with the opportunity to opt out at any time if you do not wish to receive further marketing-related communication from us. We like to keep our clients, personnel and other interested parties informed of company developments, including news relating to IBKR that we believe is of interest to them. If you do not wish to receive publications or details of events or seminars that we consider may be of interest to you, please let us know by following this link: http://www.interactivebrokers.com/optout. Where legally required, we will not use your Personal Information for taking any automated decisions affecting you or creating profiles other than described above.

Depending on which of the above Permitted Purposes we use your Personal Information for, we may process your Personal Information on one or more of the following legal grounds:

  • Because processing is necessary for the performance of your instruction or other contract with you or to take steps prior to entering into any such contract
  • To comply with our legal obligations (for example, to keep pension records or records for tax purposes);
  • Because processing is necessary for the purposes of our legitimate interest or those of any third party recipients that receive your Personal Information, provided that such interests are not overridden by your interests or fundamental rights and freedoms.

In addition, the processing may be based on your consent where we have expressly sought and you have expressly given that to us.

Who we share your Personal Information with, and in what circumstances

We may share your Personal Information in the following circumstances:

  • We may share your Personal Information between the IBKR Entities on a confidential basis as allowed by applicable law or where required for the purpose of providing products or services and for administrative, billing and other business purposes. A list of the countries in which IBKR Entities are located can be found on our website;
  • We may instruct service providers within or outside of IBKR, domestically or abroad, to process Personal Information for the Permitted Purposes on our behalf and in accordance with our instructions. For example, if you choose to subscribe to any services provided by a third-party provider listed on an Interactive Brokers Investors' Marketplace, we may disclose such information to the service providers as necessary for them to provide the services that you have requested. IBKR generally requires these service providers to enter into confidentiality agreements with IBKR that limit their use of the information that they receive. Such agreements prohibit the service provider from using IBKR client information that they receive other than to carry out the purposes for which the information was disclosed. If required by law, IBKR will retain control over and will remain responsible for your Personal Information and will use appropriate safeguards to ensure the integrity and security of your Personal Information when engaging service providers;
  • We may share your Personal Information with companies providing services in the areas of fraud and crime prevention and with companies providing similar services, including financial institutions such as credit reference agencies and regulatory bodies;
  • We may disclose information about you to any depository, stock exchange, clearing or settlement system, account controller or other participant in the relevant system, to counterparties, dealers, custodians, intermediaries and others where disclosure is reasonably intended for the purpose of effecting, managing or reporting transactions in connection with the provision of our services or establishing a relationship with a view to such transactions;
  • We may share your data with third parties to assist us with the conduct of our recruitment processes;
  • Consistent with applicable law, we may share your Personal Information with courts, law enforcement authorities, regulators or attorneys or other parties for the establishment, exercise or defence of a legal or equitable claim or for the purposes of a confidential alternative dispute resolution process;
  • We may also use aggregated Personal Information and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.

Otherwise, we will only disclose your Personal Information when you direct us or give us permission to do so, when we are allowed or required by applicable law or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.

Personal Information about other people that you provide to us

If you provide Personal Information to us about someone else (such as one of your directors or employees or someone with whom you have business dealings), you must ensure that you are entitled to disclose that Personal Information to us for processing as described in this Privacy Policy.

Keeping Personal Information about you secure

To the extent required by law, we will take appropriate technical and organizational measures to keep your Personal Information confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to Personal Information. Personal Information may be kept on our Information Technology systems, those of our contractors or in paper files.

Transferring your Personal Information outside the European Economic Area ("EEA") or to a jurisdiction not subject to an adequacy decision of the European Commission (if GDPR or equivalent rules apply)

For Personal Information subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR") or equivalent laws we may transfer your Personal Information outside the EEA or to a jurisdiction not subject to an adequacy decision of the European Commission for the Permitted Purposes as described above. This may include countries that do not provide the same level of protection as the laws of your home country (for example, the laws within the EEA or the United States). We will ensure that any such international transfers are made subject to appropriate or suitable safeguards if required by the GDPR or other relevant laws. You may contact us at any time using the contact details below if you would like further information on such safeguards.

With respect to persons covered by GDPR or equivalent laws, in case Personal Information is transferred to countries or territories outside of the EEA that are not recognized by the European Commission as offering an adequate level of data protection, we have put in place appropriate data transfer mechanisms to ensure Personal Information is protected.

Updating your Personal Information

If any of the Personal Information that you have provided to us changes, for example if you change your email address or if you wish to cancel any request that you have made of us, please let us know by contacting IBKR Client Service through the IBKR website at interactivebrokers.com/help. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Information that you provide to us.

How long do we retain your Personal Information?

We retain your Personal Information in an identifiable form in accordance with our internal policies which establish general standards and procedures regarding the retention, handling and disposition of your Personal Information. Personal Information is retained for as long as necessary to meet legal, regulatory and business requirements. Retention periods may be extended if we are required to preserve your Personal Information in connection with litigation, investigations and proceedings.

Privacy Rights

Depending on applicable law, you may have certain rights with respect to your personal information including:

  • Obtaining information regarding the processing of your personal information and access to the personal information that we hold about you. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of personal information, (in particular, information that is subject to legal professional privilege);
  • Requesting that we correct your personal information if it is inaccurate or incomplete;
  • Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it;
  • Objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request;
  • Withdrawing your consent, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so.

We have designated a Data Protection Officer ("DPO") to enhance and promote compliance with and understanding of privacy and data protection principles. If you wish to do any of the above please send an email to dpo@interactivebrokers.ie.

We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorized disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data and for any additional copies of the Personal Information you request from us.

We will consider any requests or complaints that we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator. We will provide you with details of your relevant regulator upon request.

Notice to California Residents: As a federally-regulated provider of financial services, IBKR is broadly exempt from the California Consumer Privacy Act ("CCPA"). Personal information we collect from clients and prospective clients is protected under separate federal legislation. Over the past 12 months, the only type of information we have collected potentially subject to the CCPA is web-browsing information regarding passive visitors to our website who are California residents, but are not our clients and do not provide us with any specific personal information (name, email address, street address, social security number, etc.) to request information about our services, start an account application, or become a client. Information collected from these anonymous, passive visitors to our website may include IP address and browser-specific tags. We do not sell this information to third parties. We only use this information for internal purposes, such as to determine which advertisements are working and which content on our website is most interesting to visitors. Under the CCPA, California residents connected to this type of web-browsing data have a right to request access to it or request that it be deleted. However, we are unable (and not required) to process such requests because we cannot connect such passive web-browsing information collected with an email address or other personal information that we can use to verify that a requesting party is in fact connected to a specific web-browser or IP address.

Updates to this Privacy Policy

This Privacy Policy was last updated on 8 March 2021. We reserve the right to update and change this Privacy Policy from time to time, for example, in order to reflect any changes to the way in which we process your Personal Information or changing legal requirements. In case of any such changes, we will post the changed Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted on our website.

How to contact us

We welcome your views about our website and our Privacy Policy. If you have any questions about this Policy, please contact the Data Protection Officer at dpo@interactivebrokers.ie or please contact IBKR Client Service through the IBKR website at interactivebrokers.com/help.

AMENDMENT FOR INTERACTIVE BROKERS CENTRAL EUROPE ZRT.

INTRODUCTION

This amendment is valid for the data processing performed by Interactive Brokers Central Europe Zrt. ("IBCE"), incorporated and registered in Hungary with company registry number 01-10-141029 whose registered office is at 1075 Budapest, Madách Imre út 13-14. A. ép. V. em. IBCE is an affiliate of IBKR and everything set out in the main part of this policy is also valid for IBCE.

Questions or requests involving the processing of personal data by IBCE may be addressed to IBCE's data protection officer at dpo@interactivebrokers.ie.

DEFINITIONS

The following terms shall have the following meaning:

'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

'restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future;

'profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

'supervisory authority' means the Hungarian National Authority for Data Protection and Freedom of Information;

DATA PROCESSING PERFORMED BY IBCE

IBCE performs the following data processing activities:

Data Processing Activity Processed personal data Purpose Legal Basis Recipient of the Personal Data Period of Storing
Anti-money laundering due diligence and transaction monitoring Potentially every piece of information regarding trading activities, funds of the client and information necessary for the due diligence and to identify the beneficial owner as set out in sections 7-9. of the AML act. To perform the obligations prescribed by the AML regulation. Article 6. (1) c) of the GDPR (legal obligation where the legal obligation is prescribed by Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing) Financial Information Unit in case of reporting a suspicious transaction Eight years from the termination of the business relationship with the client.
Anti-money laundering due diligence via video call (audited electronic means of communication, as regulated in the AML Act and the Decree No. 26/2020 (VIII.25.) of the National Bank of Hungary). Information necessary for the due diligence as set out in sections 7-9 of the AML Act and in sections 17-19 in the Decree No. 26/2020. To perform the obligations prescribed by the AML Act. Article 6. (1) (c) of the GDPR (legal obligation where the legal obligation is prescribed by Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing). Eight years from the termination of the business relationship with the client.
Conclusion of client agreement and various other agreements thereunder Name (corporate name), address, registry number, tax number, bank account number, ID document number Prepare and conclude client agreement Article 6. (1) b) of the GDPR (performance of a contract) Five years after the termination of the agreement.
FATCA and CRS reporting Name (corporate name), address, Tax residency Perform reporting obligations Article 6. (1) c) of the GDPR (legal obligation where the legal obligation is prescribed by Act XXXVII. of 2013 and Act XIX of 2014. Hungarian Tax Authority, IRS and other foreign tax authorities. Five years after the performance of the reporting obligation
Performing the obligation regarding MiFID appropriateness test Contents of the MiFID test (the experience of the client regarding investment in asset classes) Performing the obligation regarding MiFID appropriateness test Article 6. (1) c) of the GDPR (legal obligation where the legal obligation is prescribed by article 56 of regulation 2017/565/EU) Five years after the termination of the agreement.
Client complaint handling Client's name, contents of the complaint Article 6. (1) c) of the GDPR (legal obligation where the legal obligation is prescribed by section 121. of Act CXXXVIII of 2007 on Investment Firms) Five years from the receipt of the complaint.
Recording of client communications Contents of the communication (either written of recorded telephone calls) Performance of recording obligation Article 6. (1) c) of the GDPR (legal obligation where the legal obligation is prescribed by article 76 of regulation 2017/565/EU) Five years from the recording.
Recordkeeping for accounting purposes Contents of any accounting documents (agreements, receipts, invoices, etc.) Performance of recordkeeping obligation Article 6. (1) c) of the GDPR (legal obligation where the legal obligation is prescribed by section 169 of Act C of 2000 on accounting) Eight years

Where the legal basis of the data processing is the conclusion or performance of the agreement, the consequence of failure to provide such data by the client results in the agreement not being concluded. Where the legal basis of the data processing is obligation by law, consequence of failure to provide such data by the client results in the termination of the client agreement by IBCE and the possible reporting of the failure of provision to the competent authority.

RIGHTS OF THE DATA SUBJECTS

You have the right to request the rectification and completion, deletion, restriction of your personal data, as well as to request information and access to the personal data processed by IBCE or to withdraw your previous consent by sending a request via e-mail (dpo@interactivebrokers.ie) or mail (1075 Budapest, Madách Imre út 13-14. A. ép. V. em.). These rights are set out in Articles 15-18 and 21 of the GDPR and are detailed below.

Right to information:

IBCE shall take appropriate measures to provide you with information on the processing of personal data in accordance with this policy (all information referred to in Articles 13 and 14 of the GDPR and all information pursuant to Articles 15-22 and 34) in a concise, transparent, comprehensible and easily accessible form, worded in a clear and comprehensible manner, but in a precise manner.

Right of access:

You have the right to access your personal data (receive a copy) and to receive feedback from IBCE as to whether your personal data is being processed. If personal data is being processed, you have the right to be informed of the personal data and the following information:

  • the purposes of data management;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom or to whom the personal data have been or will be communicated, including in particular recipients in third countries (outside the European Union) or international organizations;
  • the planned duration of the storage of personal data;
  • the right to rectify, erase or restrict data processing and to protest;
  • the right to lodge a complaint with the supervisory authority;
  • information on data sources; the fact of automated decision-making, including profiling, and comprehensible information on the logic used and the significance of such data management and the expected consequences for the data subject.

Right of rectification:

You may request the correction of inaccurate personal data concerning you managed by the Data Controller and the completion of incomplete data.

Right of cancellation:

You have the right to have your personal data deleted without undue delay at your request for any of the following reasons:

  • personal data are no longer required for the purpose for which they were collected or otherwise processed;
  • You withdraw your consent to the processing and there is no other legal basis for the processing;
  • You object to the processing and there is no overriding legitimate reason for the processing;
  • unlawful processing of personal data can be established;
  • personal data must be deleted in order to fulfill a legal obligation under EU or Member State law applicable to the controller;
  • personal data were collected in connection with the provision of information society services.

Deletion of data may not be initiated if the data processing is necessary for the following purposes:

  • to exercise the right to freedom of expression and information;
  • to fulfill an obligation under EU or Member State law applicable to the controller to process personal data or to carry out a task carried out in the public interest or in the exercise of a public authority conferred on the controller;
  • in the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, in the public interest;
  • or to bring, assert or defend legal claims.

Right to restrict data processing:

At your request, the processing may be restricted under the conditions set out in Article 18 of the GDPR:

  • You dispute the accuracy of your personal information, in which case the restriction applies to the period of time that allows you to verify the accuracy of your personal information;
  • the data processing is illegal and you oppose the deletion of the data and instead ask for a restriction on its use
  • the data controller no longer needs the personal data for the purpose of data processing, but you require them to make, enforce or protect legal claims;
  • You object to the data processing; in this case, the restriction applies for as long as it is determined whether the legitimate reasons of the Data Controller take precedence over your legitimate reasons.

Where data processing is restricted, personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the European Union or a Member State. You must be informed in advance of the lifting of the data processing restriction.

Withdrawal of consent:

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Rules of procedure:

IBCE shall inform you without undue delay, but in any case within one month from the receipt of the request, of the action taken on the request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. IBCE will inform you of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request.

If IBCE does not take action on your request, it shall inform you without delay, but no later than one month from the receipt of the request, of the reasons for the non-action and that you may lodge a complaint with the supervisory authority and have a judicial remedy.

IBCE shall inform all recipients to whom it has communicated personal data of any rectification, erasure or restriction on the processing of personal data, unless this proves impossible or requires a disproportionate effort. At your request, IBCE will inform these recipients.

Remedies:

If you believe that your data protection rights have been violated, you may lodge a complaint with IBCE or with the competent supervisory authority or enforce your claim before the competent court.

National Authority for Data Protection and Freedom of Information:

H-1055 Budapest, Falk Miksa utca 9-11.
Telefon: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: privacy@naih.hu