LMX
 ← Back

Privacy Policy

Information about the collection and processing of your personal data in accordance with Art. 13 GDPR

Last updated: December 2025

1. Controller

The controller responsible for data processing on this website is:

LMX Trade

2. Collection and Storage of Personal Data

2.1 Visiting our Website

When you visit our website, information is automatically transmitted to our server by the browser used on your device. This information is temporarily stored in a so-called log file. The following information may be collected automatically:

  • • IP address (anonymized whenever technically possible)
  • • Date and time of access
  • • Name and URL of the accessed file
  • • Website from which access occurs (referrer URL)
  • • Browser and operating system used
  • • HTTP status codes

Processing is based on Art. 6 para. 1 lit. f GDPR, on the basis of our legitimate interest in ensuring system stability and security.

2.2 Contact Form and Email Contact

When you contact us via the contact form or email, we store your information, including the contact details you provide, for the purpose of processing your inquiry and handling follow-up questions.

Data processing is carried out pursuant to Art. 6 para. 1 lit. b GDPR if your inquiry relates to a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR in efficient inquiry handling.

2.3 Registration and Use of Our Dashboard

When creating a user account and using our copytrading dashboard, we process the following data:

  • • Name
  • • Email address
  • • Password (encrypted)
  • • MetaTrader account number
  • • Selected trading strategy
  • • Usage data within the dashboard

Processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. f GDPR (prevention of abuse).

Handling of Broker Credentials

Your broker access credentials are required solely for the automated execution of the agreed copytrading strategy. These credentials are:

  • • stored encrypted (AES-256 or equivalent),
  • • stored on servers in the United States (Spaceship.com hosting),
  • • accessible only to strictly limited, role-based personnel,
  • • never stored in plaintext.

Upon account deletion or termination of the contract, this data is permanently and irrevocably deleted.

Your broker access credentials will never be shared with third parties and are used exclusively for the technical execution of the copytrading strategy you have activated.

3. Disclosure of Data

Your personal data will not be transferred to third parties except in the following cases:

  • • You have given explicit consent (Art. 6 para. 1 lit. a GDPR),
  • • Disclosure is necessary to assert, exercise, or defend legal claims (Art. 6 para. 1 lit. f GDPR),
  • • There is a legal obligation (Art. 6 para. 1 lit. c GDPR),
  • • Disclosure is necessary for fulfilling contractual obligations (Art. 6 para. 1 lit. b GDPR).

Payment Service Providers:
We process payments using:

  • • PayPal (Europe) S.a.r.l.
  • • Stripe Payments Europe Ltd.
  • • WooPayments (Automattic Inc., USA)

These providers process your payment information exclusively for contract fulfillment.

Data processing with all service providers that handle personal data on our behalf is governed by Data Processing Agreements (DPAs) in accordance with Art. 28 GDPR to ensure a high level of data protection.

3.1 Transfer of Personal Data to Third Countries (USA)

Our hosting provider, Spaceship.com, is located in the United States. Therefore, personal data may be transferred to the USA. The USA is considered a third country without an adequate level of data protection under the GDPR.

To ensure the protection of your data, we apply:

  • • Standard Contractual Clauses (SCCs) under Art. 46 GDPR,
  • • additional technical protection measures such as encryption and restricted access.

Despite these measures, access by U.S. authorities cannot be completely ruled out. By using our services, you explicitly consent to this transfer (Art. 49 para. 1 lit. a GDPR).

Broker credentials and trading data are stored exclusively in encrypted form and are not transmitted to third parties. Transfers to the United States occur solely for technical hosting purposes and only under the protection of Standard Contractual Clauses (SCCs) and additional safeguards.

4. Cookies and Web Analytics

4.1 Cookies

We use necessary cookies as well as cookies for analytics (Matomo) and cookie preference storage. Necessary cookies are stored based on Art. 6 para. 1 lit. f GDPR. Analytics cookies are only set with your consent (Art. 6 para. 1 lit. a GDPR).

4.1.1 Cookie Consent (Consent Management)

We use the open-source Cookie Consent tool by Pixelbrackets to store and manage your cookie preferences.

On your first visit, a cookie banner appears where you can select which categories of cookies may be used.

You may withdraw or modify your consent at any time.

4.2 Matomo (formerly Piwik)

We use Matomo, an open-source web analytics tool. Matomo uses cookies to help analyze how visitors use our website.

The information generated by these cookies is stored on our analytics server at analytics.lmx-trade.com. Your IP address is anonymized before storage.

Processing is based solely on your consent (Art. 6 para. 1 lit. a GDPR).

Opt-Out: You may disable Matomo tracking below:

5. Data Security

We use SSL encryption during your visit to ensure the secure transmission of your data. All personal data — especially broker access credentials — are stored exclusively in encrypted form.

Important: Your capital always remains with your broker (IC Markets). LMX Trade never has access to your funds.

6. Your Rights

You have the following rights under the GDPR:

Right of Access (Art. 15 GDPR)

You may request information about the personal data we process about you.

Right to Rectification (Art. 16 GDPR)

You may request correction of incorrect data.

Right to Erasure (Art. 17 GDPR)

You may request deletion of your data unless legal reasons prevent it.

Right to Restrict Processing (Art. 18 GDPR)

You may request that your data be processed only to a limited extent.

Right to Data Portability (Art. 20 GDPR)

You may request your data in a structured, commonly used, machine-readable format.

Right to Object (Art. 21 GDPR)

You may object to data processing based on legitimate interests.

Right to Withdraw Consent (Art. 7 para. 3 GDPR)

You may withdraw your consent at any time with effect for the future.

Right to Lodge a Complaint (Art. 77 GDPR)

You may lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully.

7. Storage Duration

Unless explicitly stated otherwise, personal data will be deleted as soon as the purpose of storage no longer applies and no legal retention periods prevent deletion.

Specific Retention Periods

  • • Broker credentials: Deleted no later than 30 days after termination of the contract.
  • • Contact & support requests: Stored up to 24 months.
  • • Log & usage data: Stored for 30 days.
  • • Contract & payment data: Stored up to 10 years (statutory requirements).

If data cannot be deleted because legal obligations require retention, processing will be restricted (data blocking).

8. Changes to this Privacy Policy

We reserve the right to adapt this Privacy Policy to comply with updated legal requirements or to reflect changes to our services.

Questions about Data Protection?

For questions regarding the processing or use of your personal data, please contact:

Subject: Privacy Inquiry