Group Privacy Policy

1. Introduction

This Privacy Notice explains how Monex Group ("Monex", "we", "us", or "our") collects, uses, discloses, and otherwise processes personal data in connection with its business activities. This Notice applies to individuals who interact with Monex, including clients, prospective clients, beneficial owners, authorized representatives, website users, and business contacts. Monex is committed to processing personal data in accordance with applicable data protection laws and regulations in the jurisdictions in which it operates. This Privacy Notice provides a high-level overview of how personal data is processed across the Monex Group. Each Monex entity maintains its own local privacy notice, which contains more specific information about the processing of personal data in accordance with applicable local data protection laws and regulations. In the event of any inconsistency between this Privacy Notice and a local privacy notice, the local privacy notice shall prevail to the extent required by applicable law.

2. Data Controller

The relevant Monex entity with which you have a relationship will act as the data controller in respect of your personal data. MonexGlobal.com is operated as a global informational website by the Monex Group. The provision of products or services is carried out solely by the relevant Monex entity, subject to local regulation. Monex operates through a group of affiliated entities across multiple jurisdictions, including the United States, United Kingdom, European Economic Area, and Mexico. Where necessary for the provision of services, personal data may be shared between Monex Group entities acting as independent or joint controllers, as applicable. Where Monex entities act as joint controllers, they have entered into arrangements to determine their respective responsibilities for compliance with applicable data protection laws, in accordance with relevant legal requirements. Details of the relevant Data Controller are available in the regional legal section of this website.

3. Categories of Personal Data

Monex may collect and process personal data obtained directly from you, from third parties, or from publicly available sources. Such data may include identification and verification information, contact details, financial and transactional data, and information relating to your business activities or relationship with Monex. In addition, Monex processes technical data relating to your use of its websites and platforms, including device identifiers, IP address, and usage information. Monex also processes information required for compliance purposes, including documentation and data necessary to meet anti-money laundering, counter-terrorist financing, sanctions, fraud prevention, and other regulatory requirements.

4. Purposes of Processing

Monex processes personal data for the purposes of entering into and performing contracts, including the provision of foreign exchange, international payment, and related financial services. Personal data is also processed to comply with applicable legal and regulatory obligations, including know-your-customer requirements, anti-money laundering and sanctions screening, transaction monitoring, and regulatory reporting. In addition, Monex processes personal data for the purposes of risk management, including the prevention and detection of fraud and financial crime, credit risk assessment, and internal controls. Personal data may also be processed for internal business purposes, including audit, reporting, analytics, system administration, and the development and improvement of services. Where permitted by law, Monex may process personal data to communicate with you regarding products, services, and insights that may be of interest.

5. Legal Basis for Processing

Where applicable under relevant data protection laws, Monex relies on one or more of the following legal bases for processing personal data:

• the necessity of processing for the performance of a contract or in order to take steps prior to entering into a contract;
• compliance with legal and regulatory obligations to which Monex is subject;
• the legitimate interests pursued by Monex or a third party, including the operation, security, and improvement of its business, except where such interests are overridden by your rights and interests;
• your consent, where required by applicable law.

6. Disclosure of Personal Data

Personal data may be disclosed to other entities within the Monex Group where necessary for the provision of services, internal administration, and compliance with regulatory requirements. Monex may also disclose personal data to third parties, including financial institutions, payment service providers, technology and infrastructure providers, identity verification and compliance service providers, and professional advisors. In addition, Monex may disclose personal data to competent authorities, regulators, courts, and law enforcement agencies where required or permitted by law. All disclosures are subject to appropriate contractual, legal, and security safeguards.

7. International Transfers

Given the global nature of Monex's operations, personal data may be transferred to and processed in jurisdictions outside the country in which it was originally collected. Where such transfers occur, Monex ensures that appropriate safeguards are implemented in accordance with applicable data protection laws. These safeguards may include the use of standard contractual clauses or other approved transfer mechanisms, as well as ensuring that recipients are subject to equivalent data protection obligations.

8. Data Retention

Monex retains personal data for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, regulatory, tax, accounting, and reporting requirements. Retention periods are determined based on the nature of the data, the purposes of processing, and applicable legal obligations. In certain circumstances, data may be retained for longer periods where required for the establishment, exercise, or defense of legal claims.

9. Data Subject Rights

Subject to applicable law, you may have rights in relation to your personal data, including the right to request access, rectification, erasure, restriction of processing, and, where applicable, data portability. You may also have the right to object to certain types of processing, including processing based on legitimate interests or for direct marketing purposes. Where processing is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. Requests to exercise these rights may be submitted using the contact details set out below. Where applicable, you may also lodge a complaint with your local data protection supervisory authority. Where applicable, you may also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

10. Data Security

Monex implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including measures designed to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Such measures include access controls, encryption, system monitoring, and regular assessments of security practices.

11. Cookies and Online Data

Monex uses cookies and similar technologies on its websites and digital platforms to ensure functionality, enhance user experience, and analyze usage. Further information is available in the relevant cookie notice.

12. Updates to this Notice

This Privacy Notice may be updated from time to time to reflect changes in legal requirements or Monex's data processing practices. The updated version will be made available on Monex's website.

13. Contact Details

Questions, requests, or concerns regarding this Privacy Notice or the processing of personal data may be directed to:

Alternatively, you may contact the relevant Monex entity with which you have a relationship. Further details regarding the relevant Monex entity acting as data controller are available in the regional "Compliance & Legal" section of this website.

14. Complaints

If you consider that the processing of your personal data infringes applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority in your jurisdiction.