Privacy Statement

The careful handling of your personal data is our highest priority. We value your trust and assure you that we handle your personal data very carefully.

LYNX ensures that personal data is collected, processed and used solely for the purpose specified.
Consents for e.g. the use of e-mail addresses and telephone numbers can of course be revoked at any time with effect for the future.

1. Who is the data controller?

LYNX is responsible for the processing of personal data. This privacy statement applies to all processing operations that LYNX performs with regard to personal data of clients, interested parties and other visitors to the website

Contact details:


Herengracht 527

1017 BV Amsterdam

The Netherlands

Contact details of DPO:


Data Protection Officer

Herengracht 527

1017 BV Amsterdam

The Netherlands


2. Which sources and data do we use?

We process personal data that we receive from our clients or other affected persons as part of our business relationship. In addition, we process – to the extent necessary for the provision of our services – personal data that we legitimately gain from publicly available sources (e.g. the internet) or which we obtain from other third parties (e.g., Worldcheck by Reuters).

Relevant personal data are particulars (name, address and other contact details, date and place of birth and nationality), identity data (e.g. identity card data) and authentication data (e.g. signature sample). In addition, this may include order data (e.g. deposit order, securities order), data from the fulfillment of our contractual obligations (e.g. turnover data from the transactions), information about your financial position (e.g. creditworthiness data, origin of assets), advertising and sales data (including advertising scores), documentation data (e.g. recording of telephone conversations) as well as other data comparable to the mentioned categories.

3. What is the purpose of processing data and on what legal grounds do we process your personal data?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR):

a. For the performance of contractual obligations (Article 6 (1) b GDPR)

The processing of data is carried out in order to provide and mediate financial services, as part of the execution of our contracts with our clients or to carry out pre-contractual actions, which are carried out on request. The purposes of data processing are primarily based on the specific agreement. Further details on the data processing purposes can be found in the relevant contract documents and terms and conditions.

b. For legitimate interests (Article 6 (1) f GDPR)

If necessary, we process your data beyond the actual performance of the contract for the protection of legitimate interests of us or third parties.


  • Data exchange with databases (e.g. Worldcheck) for the identification of politically exposed persons and potential clients, which can be found on sanction lists,
  • Review and optimization of analyses for direct marketing
  • Advertisements or market and opinion research, as long as you have not objected for us to use your data,
  • Asserting legal claims and defense in legal disputes,
  • Ensuring the IT security and IT operations of the company,
  • Prevention and investigation of criminal offenses,
  • Measures for business operations and further development of services and products,
  • Risk management within the company,
  • Creditors or insolvency administrators requesting foreclosures.


c. With your consent (Article 6 (1) a GDPR)

Insofar as you have given us consent to the processing of personal data for specific purposes (e.g. use of your e-mail address for advertising purposes and for the sending of newsletters), the legal basis for this processing is based on your consent.

A given consent can be revoked at any time. This also applies to the revocation of consent given to us before the entry in force of  the GDPR,  i.e. before 25.05.2018. The revocation of consent does not affect the legality of the data processed until the revocation.

d. Due to legal requirements (Article 6 (1) c GDPR) or in the public interest (Article 6 (1) e GDPR)

In addition, as an investment service provider, we are subject to various legal obligations, i.e. legal requirements as well as supervisory requirements. The purposes of the processing include identity and age checks, prevention of fraud and money laundering, the fulfillment of reporting obligations as well as the evaluation and management of risks within the company.

4. Collection and use of your personal data

Information that we receive from you helps us to customize our service and to constantly improve it. We use this information for the processing of your orders. We also use your information to communicate with you about orders, products, services, and marketing opportunities (see communications below by e-mail), as well as to update our records and maintain your client accounts with us and to recommend services that might interest you. We also use your information to improve our product offering and our platform, to prevent or detect misuse of our website or to enable third parties to carry out technical, logistical or other services on our behalf.

We collect the following information:

  • Information you provide us: we collect and store any information that you submit to our website or transmit to us in any other way. You give us information when you are looking for something, are consulting a course, are taking securities into your (sample) depot, are taking part in a raffle, are completing a questionnaire or are communicating with our customer service. For example, when you search for a product, place an order, or provide information in your personal data environment; if you communicate with us by phone, e-mail or otherwise; if you complete a questionnaire, attend a webinar, and use other service offerings that personally inform you of certain offers – e.g. LYNX Newsletter. Information you provide to us here may be your name, address, telephone number, account information, (sample) securities account holdings and watchlist contents. You may choose not to provide us with certain information, but this may result in you being unable to use many of our services/features.
  • Automated information: as soon as you contact us or visit our website, we store certain information. Among other things, we use – like many other websites – so-called “cookies” and receive information as soon as your web browser opens the LYNX website. Examples of information we collect and analyze include, in abbreviated form, the Internet Protocol (IP) address that connects your computer to the internet, e-mail receipt and read receipt, logins, e-mail addresses, computer information and internet connection such as browser type and version, operating system and platform as well as the complete Uniform Resource Locators (URL) clickstream to, through and from our website, that means the order of the pages of our internet site that you visit, including date and time, cookie number, and the products that you viewed or searched for.
  • E-mail communication: in order to make our e-mails more useful and interesting for you, we often receive a confirmation as to which e-mails from LYNX you open as far as your computer supports this function. If you do not wish to receive e-mails from us, please let us know via
  • Information from other sources: occasionally, we may also use information about you from other sources and add it to our information about your account. Examples of information we receive from other sources include updated information from suppliers that we use to update our database to ensure the sending of your next activity statement or other important documents and to ensure that we are able to communicate with you. Other examples include information about your potential status as a politically exposed person or the appearance on a sanction list that we use to detect misuse, particularly fraud, and to offer you certain financial services and payment methods.

5. Whom do we share your data with?

Within LYNX, only those departments that need access to your information in order to comply with our contractual and legal obligations will receive your data. Our service providers may also receive data for these purposes if they maintain confidentiality. These are companies in the categories of IT services, logistics, printing services, telecommunications and consulting as well as sales and marketing.

With regard to the transfer of data to recipients outside our company, it should first be noted that, as an investment service provider, we commit ourselves to confidentiality about all customer-related facts and valuations of which we become aware. In principle, we may only disclose information about you if statutory provisions require it, if you have given your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be:

  • Public authorities and institutions (e.g. Financial Supervisory Authority, tax authorities, law enforcement authorities) in the event of a legal or regulatory obligation

Other data recipients may be those to whom you have given us your consent to submit the data or to whom we may delegate personal information due to legitimate interests.

The services provided by LYNX include, among other things, establishing an agreement between you as a client and Interactive Brokers UK/Ireland. For this purpose, LYNX collects personal data from you which LYNX transfers to Interactive Brokers UK/Ireland for the purpose of concluding the contract (opening an account). LYNX has no influence on how Interactive Brokers UK/Ireland handles your data. We refer you to the Interactive Brokers Group Privacy Notice for a further description.

6. Is your personal data being transmitted to non-EU countries or international organizations?

A transfer of data to countries outside the European Union takes place, as far as

  • it is required to execute your orders (e.g. payment and transaction orders),
  • it is required by law (e.g. tax reporting obligations) or
  • you have given us your consent.

Furthermore, a transfer of data to authorities in third countries is provided in the following cases:

  • If required in individual cases, your personal information may be transferred to an IT service provider in the US or another third country to ensure the IT operations of the company in compliance with the European data protection level;
  • With the consent of the data subject or due to legal provisions to combat money laundering, terrorist financing and in other cases, personal data (e.g. legitimacy data) are transmitted in compliance with the level of data protection of the European Union in other criminal acts as well as in the context of a legitimate interests.

7. Cookies

Cookies are textual information (ASCII text) stored on your hard drive via your browser (e.g. Microsoft Explorer or Mozilla Firefox). If you visit the website again, which has passed the cookie to your browser, you will be recognized here and individually addressed.

To find out all about our use of Cookies, please see our Cookie Policy

8. How long is your personal data being stored?

We process and store your personal data as long as it is necessary for the performance of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is designed for years.

If the data is no longer required for the performance of contractual or legal obligations, it will be deleted at regular intervals, unless its – temporary – further processing is necessary for the following purposes:

  • Compliance with commercial and tax-related retention requirements: tax legislation, the Financial Supervision Act, the Money Laundering and Terrorist Financing Act. The retention periods are in most cases 5 years.
  • Preservation of evidence within the statutory limitation period.

9. Which rights do you have as a data subject?

Each data subject has the right of access under Article 15 of the GDPR, the right of rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR.

There is a right of appeal to a competent data protection supervisory authority.

You may revoke your consent to the processing of personal data at any time. This also applies to the revocation  of consents granted to us before the validity of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation only works for the future. Processing that took place before the revocation is not affected.

Please note that the revocation only works for the future. Processing that took place before the revocation is not affected.

10. Do you have an obligation to provide data to us?

As part of our business relationship, you must provide us with the personal information that is required to establish, perform, and terminate a business relationship and to fulfil the associated contractual obligations or that we are required to collect by law. Without this information we will generally be unable to conclude or execute the contract with you.

In particular, according to the money laundering regulations, we are obliged to identify you prior to the establishment of the business relationship on the basis of your identity document and to record the name, place of birth, date of birth, nationality, address and identity card details. To enable us to fulfill this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and immediately notify us of any changes during the business relationship.

If you do not provide us with the necessary information and documents, we may not enter into or continue your desired business relationship.

11. Does any automated decision-making take place?

In principle, we do not use fully automated automatic decision-making pursuant to Article 22 GDPR to justify and implement the business relationship. If we use these procedures in individual cases, we will inform you about this separately, provided that this is prescribed by law.

12. Is there any Profiling?

We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:

  • Due to legal and regulatory requirements, we are committed to combating money laundering, the financing of terrorism and property-related offenses. At the same time, data evaluations are carried out. These measures also serve your protection.
  • In order to provide you with targeted information and advice on products, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.

13. Complaint to the Data Protection Authority

You have the right to submit a complaint to the competent Data Protection Authority:

 14. Right to object, Art. 21 GDPR

a. Case-specific right of objection

You have the right for reasons that derive from your special situation, to object at any time against the processing of your personal data resulting from Article 6 (1) (f) of the GDPR (data processing based on legitimate interests); this also applies to profiling based on this provision in senses of Art. 4 No. 4 DS-GVO, which we use for advertising purposes.

If you object, we will not further process your personal data unless we can do so for legitimate reasons which predominate your rights and freedoms or if the processing serves the assertion, exercise or defense of legal claims.

b. Right to object to the processing of data for direct marketing purposes

In individual cases, we process your personal data in order to carry out direct mailings. You have the right to object at any time to the processing of personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.The objection can be free of form and should be directed as far as possible to:


Data Protection Officer

Herengracht 527

1017 BV Amsterdam

The Netherlands


You can find a PDF of this privacy statement below.