Skip to main content
Greenwich Mean Time: May 30, 2026 7:18 am

Privacy and Policy

PRIVACY POLICY

Effective Date: 22 May 2026
Last Reviewed: 22 May 2026


1. PURPOSE
This Privacy Policy (the “Policy”) sets out principles and procedures adopted by OTC International Limited (“OTC International”, “us”, “we”, “our”) on how we use and protect any information that you give OTC International when you use this website (the “Website”).
OTC International is committed to ensuring that your privacy is protected and to handling Personal Data in accordance with the applicable data protection laws of Seychelles (Seychelles Data Protection Act 2023) and the General Data Protection Regulation (GDPR), where applicable. Should we ask you to provide certain information by which you can be identified when using this Website, then you can be assured that it will only be used in accordance with this privacy statement. This Policy fosters transparency and trust in how we handle sensitive information.


2. SCOPE
This Policy applies to persons anywhere in the world who access or use our Website (“Users”). The Policy applies to Personal Data that we collect, use, store, and disclose, in the course of our business operations and forms an integral part of our commitment to complying with the applicable data protection laws, when you:
● visit our website,
● interact with our team,
● communicate with us through any channel, or
● engage with our services.


3. DEFINITIONS
● Data Subject – The identified or Identifiable Natural Person to whom Personal Data relates. This includes, but is not limited to, visitors, clients (potential or existing), partners, and any individual who accesses the Website.
● Identifiable Natural Person – A natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their biological, physical, biometric, physiological, mental, genetic, economic, cultural, or social identity.
● Personal Data – Any information referring to an identified or Identifiable Natural Person, including, but not limited to: legal name; contact details (e.g., emails, phone numbers, addresses); certain device information (IP address, geographic location data, pages visited, time spent, cookie data, etc); application and onboarding documents; and financial or payment-related information.
● Personal Data Breach – A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data collected, received, transmitted, stored or otherwise processed. This includes, but is not limited to, unauthorised access by third parties or internal staff, accidental sending of data to the wrong recipient, loss or theft of devices or physical files containing Personal Data, or malware attacks, ransomware, or system intrusions affecting data integrity or availability.
● Processing – Any operation performed on personal data, which may include but is not limited to its collection, storage, use, transfer, or deletion.
● Information Commission means the Seychelles Information Commission or any other competent authority responsible for data protection supervision under applicable Seychelles data protection law.


4. DATA COLLECTION AND USE
4.1. We collect and process Personal Data, that you provide voluntarily, only where the Processing is lawful, fair, and necessary for one or more specific, explicit, and legitimate purposes, including, but not limited to:
● Client Onboarding and Compliance;
● Platform Access and Communication;
● Identity verification (e.g., via tools like Sumsub);
● Send you communications that will be of interest to you based on your previous interactions with us.
● Allow you to participate in any interactive features of our Website services;
● Maintain and improve our Website services and keep them safe and secure; or
● Personalise and improve the Website services, including to provide or recommend features, content, social connections, referrals, and advertisements, in accordance with your preferences, to the extent permissible by law.

4.2. We may receive Personal Data from third parties, including social media platforms, partners, etc, that shall be used for specific and lawful purposes set forth in this Policy.

4.3. We do not sell Personal Data under any circumstances. Personal Data is not shared with third parties or used for any purpose outside the original scope, unless the Data Subject has provided consent, the Processing is necessary for our legitimate business purposes, the disclosure is required for legal, regulatory or compliance purposes, or the Processing is otherwise permitted under applicable law.

5. DATA STORAGE AND SECURITY
We implement appropriate technical and organisational measures in order to safeguard Personal Data against any form of unauthorised access, alterations, loss, or destruction, which include, but are not limited to:
● Encryption of Personal Data at rest and in transit;
● Use of technical safeguards such as multi-factor authentication (MFA), secure access logs, and intrusion detection systems;
● Access control mechanisms based on roles, responsibilities, and legitimate business needs;
● Regular audits and reviews of data security practices; and
● Vetting and use of third-party service providers (such as Sumsub and Google Workspace), which implement security measures consistent with the applicable law and international standards.


6. RETENTION PERIODS
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including to comply with applicable legal, regulatory, contractual, accounting, or reporting obligations as per the applicable Seychelles laws. The retention period may vary depending on the nature of the Personal Data and the purpose of Processing. Once the applicable retention period expires, or where the Personal Data is no longer required, we will securely delete, destroy, or anonymise such data in accordance with applicable Seychelles laws and industry standards, ensuring that it cannot be accessed, reconstructed, or used to identify any individual.


7. DATA ACCESS AND RIGHTS
7.1. We uphold the rights of Data Subjects in accordance with the applicable laws and shall respond to all reasonable and lawful requests without undue delay.
a. Right of Access to Personal Data:
Upon written request, a Data Subject has the right to obtain from OTC International, free of charge, a copy of the Personal Data undergoing Processing in electronic form and any available information as to its source.
b. Right to Rectification of Personal Data:
A Data Subject has the right to request the correction of inaccurate or otherwise outdated Personal Data in order to keep information truthful and current. We will ensure said data is rectified promptly upon receiving the valid request and any associated supporting documents as and when required.
c. Right to object Processing:
To object to the Processing of your Personal Data where such Processing is based on the company’s legitimate interests, including for direct marketing purposes.
d. Right to Erasure of Personal Data:
Upon request, a Data Subject has the right to require the firm to erase their Personal Data, wherein:
● The Personal Data is no longer necessary for the purposes it was collected and/or processed;
● A Data Subject has withdrawn consent to the Processing where said consent was the legal basis for Processing;
● The Processing is unlawful, or the erasure of Personal Data is required to comply with applicable laws and regulations; or
● A Data Subject objects to the Processing, and there are no overriding legitimate grounds for OTC International to continue Processing.7.2. Data Subjects have the right to lodge a complaint with the Information Commission where they believe that their Personal Data has been processed in breach of applicable Seychelles Data Protection law.
7.3. Such Requests by the Data Subject can be sent to: info@otc-intl.com.


8. PERSONAL DATA BREACHES
In the event of a Personal Data Breach, we will take immediate and appropriate steps to:
● Assess and contain the breach through identifying its nature, cause, scope, and impact on Personal Data;
● Mitigate any risks arising from the breach, including steps to protect and secure affected systems or data in order to prevent further unauthorised access;
● Notify affected Data Subjects, where applicable, and without undue delay; and
● Maintain an internal record of all data breaches, including those not required to be notified.


9. POLICY REVIEWS
This Policy is reviewed annually and updated as needed to reflect changes in regulations or operational practices. Details of which are highlighted at the top of this document. This Policy is reviewed annually and updated as needed to reflect changes in regulations or operational practices. If we make significant changes in the way we treat your Personal Data, or to this Policy, we will endeavour to provide you notice through the Website or by some other means, such as email. Your continued use of the Website after such notice constitutes your acknowledgment to the changes.

CONTACT:
For questions or requests, please contact info@otc-intl.com.

Skip to content