Your privacy matters to us. This policy explains what personal data we collect, how we use it, and what rights you have regarding your information. We are committed to protecting your privacy in full compliance with applicable data protection laws.
The data controller responsible for processing your personal data is eToro (Europe) Ltd., Kanika International Business Center, 7th Floor, 4 Profiti Ilia Street, Germasogeia, Limassol, Cyprus. You can reach our Data Protection Officer at [email protected]. We are committed to handling your personal data responsibly and in accordance with all applicable privacy laws, including the EU General Data Protection Regulation (GDPR).
When you create an account, we collect your full name, email address, date of birth, residential address, phone number, and government-issued identification documents (passport or national ID) for identity verification purposes. This data is required to open and maintain your trading account and to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.
To process transactions, we collect payment information including bank account details, credit/debit card information (stored in tokenized form), transaction history, portfolio holdings, and trading activity. This data is used for payment processing, account statements, tax reporting, and regulatory compliance purposes.
We automatically collect technical data about your use of our platform, including IP address, browser type and version, operating system, device information, pages visited, time spent on pages, click patterns, and referral URLs. This data helps us improve our platform, diagnose technical issues, and enhance security.
When you contact our customer support team, we retain records of those communications, including emails, live chat transcripts, and phone call recordings (with prior notice). This data is used to resolve your inquiries and for quality assurance purposes.
We process your personal data on the following legal bases under the GDPR:
We do not sell your personal data to third parties. We may share your data with: payment processors and banking partners for transaction processing; identity verification services for KYC compliance; IT service providers supporting our platform infrastructure; regulatory authorities and law enforcement when legally required; auditors and legal advisors in the course of their professional duties; and business partners in connection with the services we provide. All third-party processors are bound by data processing agreements ensuring appropriate data protection standards.
As a data subject under the GDPR, you have the following rights, which you can exercise at any time:
Request a copy of all personal data we hold about you and information about how it is being processed.
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of your personal data under certain circumstances (the "right to be forgotten").
Request that we limit the processing of your data under certain circumstances.
Object to processing of your data based on legitimate interests, including direct marketing.
Request your data in a structured, machine-readable format for transfer to another provider.
To exercise any of your privacy rights, please contact us at [email protected]. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority. In the EU, you can find your national supervisory authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, loss, or misuse. These measures include AES-256 encryption for data at rest, TLS 1.3 for all data in transit, two-factor authentication, role-based access controls, regular penetration testing, and an ISO 27001-certified Information Security Management System. Despite these measures, no internet transmission or electronic storage system is completely secure, and we cannot guarantee absolute security.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law. Financial transaction records are typically retained for a minimum of 7 years to comply with legal retention requirements. Account data is retained for the duration of your account and for a period after account closure as required by law. After the applicable retention period, your data is securely deleted or anonymized.
Our platform uses cookies and similar tracking technologies to enhance your experience, perform analytics, and deliver personalized content. We use three categories of cookies: strictly necessary cookies (required for platform operation), analytical cookies (to understand how users interact with our platform), and marketing cookies (for personalized advertising, used only with your consent). You can manage your cookie preferences through our Cookie Settings panel at any time.
Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses, adequacy decisions by the European Commission, or other GDPR-recognized transfer mechanisms. We do not transfer your data to countries that lack an adequate data protection framework unless appropriate safeguards have been implemented.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. For significant changes, we will notify you by email or through a prominent notice on our platform at least 30 days before the changes take effect. We recommend reviewing this policy periodically to stay informed about how we protect your data.