Privacy Policy & Cookies


1         About this privacy notice


  • This privacy notice tells you how we use your personal information when you visit our website, make contact with us or access our platform. It sets out the ways in which we collect personal information, the uses of that personal information and the ways in which we will share any personal information you choose to provide to us.

  • Please read this notice carefully. By submitting your details, you confirm that you have read and understood this notice in its entirety.

  • Our website may contain links to other websites operated by other organisations. If you follow a link to any of those third-party websites, please note that they have their own privacy notices.  We are not responsible for their notices or their processing of your personal information.  Please check these notices before you submit any personal information to them.

2         Who we are

    • GFO-X is the trading name of Global Futures and Options Ltd. Our company number is 13018987 and our registered office is at First Floor, 36-38 Botolph Lane, London, United Kingdom, EC3R 8DE).  We are responsible for the handling of your personal information we collect from you, unless stated otherwise.

    • We have a data protection officer (also known as a DPO) who can be contacted at

3         Information we collect about you

    • We will collect and process all or some of the following personal information from you:

      • Information you provide to us about yourself: personal information that you provide to us, such as when registering for an account on our website, including your name, email address, telephone number, home address, and delivery address.

      • Correspondence between us: if you contact us, we will typically keep a record of that correspondence. This may include telephone calls, which we record to assist us in training our staff and undertaking quality checks.

      • Website and communication usage: details of your visits to our website and information collected through cookies and other tracking technologies including, but not limited to, your IP address, domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

      • Information you provide to us about your business with us: This may include transaction reporting information, details of codes you use and the personal details relating to these codes.

      • Transactions and payment details: Transaction details of the participants of our Multi-Trading Facility (MTF), the payments they make and the details of individuals that are authorised to make these payments on behalf of the participant.

    • We may also collect information about you from other sources.

      • We might receive information from third parties relevant to the services we are providing such as fraud prevention bodies.

      • We may collect information you have allowed to be publicly available, such as the Companies House.

      • We may receive information from third parties who provide you with access to our platform and data, such as market data vendors, independent software vendors or the participants of our MTF.

      • We may receive information from regulatory bodies.

    • We enter into contracts with participants of our MTF or market data vendors which in turn provide you with access to our platform and data (whether as your suppliers or employers). To perform our regulatory and anti-money laundering obligations in connection with such contracts, we sometimes need to collect and use your personal information.  If you don’t provide us with this information, we might not be able to provide our data or services to you.  In this case, we might have to suspend or cancel the service you have with us.  We will notify the relevant access service provider if this is the case at the time.

    • When you complete our online forms or other requests for information, we will make it clear whether the information we request is voluntary or must be provided to us in order for us to proceed with your registration or other services.

4         Why we use your personal information

    • When we use your personal information, we require a legal justification, also known as a “legal ground”. Normally, we will rely on the one or more of the following legal grounds:

      • Performance of a contract: This is relevant where we collect and use your personal information where necessary to perform our obligations under a contract with your access or service provider or employer.

      • Legitimate interest: This is relevant where we use your personal information where it is necessary for our legitimate interests, some examples of which are given below, and does not override your rights.

      • Compliance with law or regulation: This is relevant where we use your personal information where necessary to comply with applicable laws.

      • Consent: This is relevant where we need your consent to use your personal information.  However, we do not usually need your consent if there is another legal ground as above.  You can withdraw your consent by contacting us (see below).

We may process your personal data for more than one legal ground depending on the specific purpose for which we are using your personal information.

  • We use your personal information for the purposes and on the basis of the legal grounds set out below:

    • To process your identification details to confirm your identity and register you as a new end user or an account holder on our platform.

Legal grounds:  contract performance; legitimate interests (to establish a relationship with you).

  • To provide services which you have ordered and fulfil our contract with your access or service provider.

    • Legal grounds: contract performance; legitimate interests (to run our business).

  • To conduct questionnaires, surveys and research into customer satisfaction.

Legal grounds: legitimate interests (to enable us to improve our services and quality control).

  • To communicate effectively with you to respond to your queries or communicate with you in relation to your access to our platform.

Legal grounds: contract performance; legitimate interests (to address queries or complaints to or about our business and improve our services and quality control).

  • To record or monitor communications mentioned above.

Legal grounds: contract performance; legitimate interests (to address queries or complaints to or about our business, improve our services and quality control and support investigation of suspected breaches as set out below).

  • To undertake continuing checks, monitoring and audits: to monitor queries and transactions to ensure service quality and compliance with laws, policies and procedures.

Legal grounds: legitimate interests (to ensure the quality of services); compliance with laws that require us to conduct these activities.

  • To monitor the use of the GFO-X Multilateral Trading Facility by participants who have entered into a Participant Agreement with GFO-X, for example in order to assess whether participants are sending a substantial number of messages which do not result in completed transactions and monitor Order to Trade ratio.

Legal grounds: legitimate interests (to ensure compliance of participants and users); compliance with laws that require us to conduct these activities.

  • To investigate any suspected breaches of the rules of the GFO-X Multilateral Trading Facility.

Legal grounds: legitimate interests (to ensure compliance of participants and users and quality of services); compliance with laws that require us to conduct these activities.

  • To provide you with marketing materials such as our newsletters, updates and offers, where you have chosen to receive these on behalf of the participant or market data vendor or for your own purposes.

Legal grounds: depending on the type of marketing and our relationship with you, consent at the time we collect your data to conduct; legitimate interests (to promote and market our business).

  • To build a picture of you from short code information as part of our surveillance obligation as a regulated entity.

Legal grounds: compliance with laws and regulations that require us to surveil the end users.

  • To check your data against databases of individuals who are subject to sanctions, classified as “politically exposed persons” or have committed crimes and to follow up any suspicions to ensure that we comply with our anti-money laundering and terrorism obligations and to avoid fraud itself.

Legal grounds: compliance with laws that require us to conduct these activities.

  • To ensure website content is relevant: to ensure that content from our website and platform is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers.

Legal grounds: legitimate interests (to allow us to provide you with the content and services on our website and platform)

  • To transfer data to potential third parties (including sub-contractors) and disclose it to anti-fraud organisations and law enforcement or regulatory agencies anywhere in the world if required as described in the paragraph regarding Sharing data abroad below.

Legal grounds: legitimate interests (to ensure the quality of services); compliance with laws that require us to conduct these activities.


5         Who we share your personal information with

    • We share your personal information outside our organisation with our suppliers or contractors, for the purposes described in this notice. They are bound by obligations of confidentiality.  Our suppliers and contractors include: data providers; IT and communications service providers; and maintenance service providers.

    • In addition, we may disclose information about you where required to do so by law, such as in connection with our regulatory obligations, any legal proceedings or prospective legal proceedings, law enforcement purposes, or in order to establish, exercise or defend our legal rights including providing information to others for the purposes of fraud prevention. In particular, we may share your personal information with the relevant regulators in connection with our obligations as a Market Data Provider or our obligation to provide Transaction Reporting information.

    • We may also disclose your personal information to the purchaser or prospective purchaser of our business which we are or are considering selling.

6         Security of your personal information

    • We will ensure that the personal information that we hold is subject to appropriate security measures. We maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with legal requirements.

    • Where you have set a password which enables you to access your account, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.

7         Sharing data abroad

    • Where we transfer your personal information outs ide the UK, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the personal information, as some countries may not protect personal information in the same way as the UK. Broadly, these are:

      • The country to which we send the personal information may be approved by the UK for receiving personal information. All EU/EEA countries are approved by the UK.

      • The recipient may have signed a contract based on “standard contractual clauses” approved by the UK which require the recipient to protect your personal information;

      • we may be legally permitted to transfer your personal information outside the UK using other methods.

In all cases any transfer of your personal information will be compliant with applicable data protection law.

Please contact us as set out in the Contacting Us paragraph below if you would like to see a copy of the specific safeguards applied to the export of your personal information.


8         How long we keep your personal information

    • How long we keep your personal information will depend on our business needs and any legal requirements to keep the personal information in question. We retain personal data for as long as is necessary for the relevant purpose. There may also be laws that set out a minimum period for which we have to keep your personal information, even if we no longer need it for its purpose.

9         Your rights & contacting us

    • You have the right to request us to:

      • provide you with a copy of your personal information;

      • update any inaccuracies in the personal information we hold;

      • delete any personal information we no longer have a lawful ground to use;

      • where processing is based on consent, to withdraw your consent. This means we stop that particular processing, but it will not affect the validity of the processing based on your consent before you withdrew it;

      • to ask us to transmit the personal data you have provided to us, and we still hold about you to a third party electronically;

      • object to any processing based on the legitimate interests’ legal ground for reasons connected to your individual situation. However, we have the right to continue this processing if we believe we have a legitimate overriding reason to continue; and

      • restrict how we use your information whilst a complaint is being investigated.

    • Please note that there may be circumstances where the right you have requested does not apply or does not apply in full.

    • To make a request, please contact our DPO at

10    Right to stop marketing

    • You have the right to ask us not to process your personal information for direct marketing purposes at any time.

    • To exercise this right, you can click the “unsubscribe” option on any direct marketing email you receive from us or contact us at

11    Contact us

    • If you have any questions about this privacy notice or how we handle your personal information, you can contact our DPO at

    • If you are not satisfied with our use of your personal information or our response to you, you have the right to complain to the Information Commissioner’s Office:

12    Cookies notice


We are concerned about the privacy of any personal information you may provide to us through this Website. A “cookie” is a piece of information that is saved to your computer’s hard disk by the web server. Confirmation of your reading and accepting these terms and conditions will place a cookie on your computer’s hard disk. This will ease your navigation around this Website by not popping up these terms and conditions again during this browser session. The cookie is temporary and will be removed when you close your browser. The cookie is not used for any other reason. You are not obliged to accept a cookie that we send you, and you can modify your browser so that it will not accept cookies.


13   Changes to our Privacy Notice

    • We may update this notice from time to time. If we, we will update the date it was last changed below.

    • This notice was last updated on August 2022