This Privacy Policy describes how Skye Marketing Experts, operating under the commercial name Meridian Funded ("we", "us"), collects, uses, discloses and protects your personal data when you visit meridian-funded.com or use any of our services. We comply with the EU General Data Protection Regulation (GDPR), the UAE Personal Data Protection Law (PDPL, Federal Decree-Law No. 45 of 2021), the UK Data Protection Act 2018, and other applicable privacy frameworks.
1. Data Controller
The data controller responsible for the processing of your personal data is:
Skye Marketing Experts (trading as Meridian Funded)
Marasi Drive, Dubai, United Arab Emirates
Email: privacy@meridian-funded.com
Data Protection Officer (DPO): dpo@meridian-funded.com
2. Data We Collect
We collect the following categories of personal data:
Identity and Contact Data
- Full legal name, date of birth, nationality, country of residence;
- Email address, telephone number, postal address;
- Government-issued identification (passport, national ID, driving licence) for KYC purposes;
- Proof of address (utility bill, bank statement) for KYC purposes.
Financial Data
- Billing information, transaction history, payment method (tokenised by our PSPs);
- Cryptocurrency wallet addresses when used for payouts.
Trading and Usage Data
- Trading history on simulated accounts, login timestamps, IP addresses, device and browser identifiers;
- Pages visited, features used, and interactions with our support team.
Marketing and Preferences Data
- Newsletter subscriptions, cookie consent choices, opt-in communications.
3. How We Collect It
We collect personal data directly from you when you register, purchase an Evaluation, contact support, subscribe to our newsletter or participate in our programs. We also collect data automatically through cookies and similar technologies (see our Cookie Policy) and from third parties such as identity verification providers, payment service providers, fraud prevention networks and sanctions screening databases.
4. Legal Basis and Purposes
We process your personal data on the following legal bases and for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Services and managing your account | Performance of a contract |
| KYC, AML and sanctions screening | Legal obligation / Legitimate interest |
| Processing payments and payouts | Performance of a contract |
| Customer support and communications | Performance of a contract / Legitimate interest |
| Marketing (newsletter, product updates) | Consent (Art. 6(1)(a)) |
| Analytics and service improvement | Legitimate interest / Consent (cookies) |
| Fraud prevention and platform security | Legitimate interest |
| Compliance with court orders, regulators | Legal obligation |
5. Data Sharing
We do not sell your personal data. We share personal data only with:
- Service providers acting on our behalf under confidentiality agreements (cloud hosting in AWS eu-central-1, payment processors, KYC/AML providers, email platforms, analytics tools);
- Regulators and authorities where required by law or a valid court order;
- Professional advisers (lawyers, auditors) bound by professional secrecy;
- Acquirers in the event of a merger, acquisition or asset sale, with appropriate confidentiality safeguards.
6. International Transfers
Your personal data may be transferred to, and processed in, countries outside your country of residence, including within the European Economic Area and the United Arab Emirates. When we transfer personal data from the EEA/UK to a country that is not subject to an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards under UAE PDPL. A copy of such safeguards can be obtained from our DPO.
7. Retention
We retain your personal data only as long as necessary for the purposes described above:
- KYC/AML records: 5 years after account closure (legal requirement);
- Financial and transaction records: 7 years after the transaction;
- Trading history: duration of the account + 2 years;
- Marketing data: until you withdraw consent or 3 years of inactivity;
- Support correspondence: 2 years after the closure of the ticket.
After the applicable retention period, data is securely deleted or irreversibly anonymised.
8. Your Rights
Subject to applicable law, you have the following rights in respect of your personal data:
- Right of access — obtain confirmation of whether we process your data and a copy thereof;
- Right to rectification — correct inaccurate or incomplete data;
- Right to erasure ("right to be forgotten") — request deletion where there is no overriding legal ground for us to keep it;
- Right to restriction — limit the processing under specific circumstances;
- Right to portability — receive your data in a structured, machine-readable format;
- Right to object — object to processing based on legitimate interests or direct marketing;
- Right to withdraw consent at any time, without affecting the lawfulness of prior processing;
- Right to lodge a complaint with a competent supervisory authority (your local DPA in the EEA, the ICO in the UK, or the UAE Data Office).
To exercise your rights, email dpo@meridian-funded.com. We will respond within 30 calendar days.
9. Security
We implement industry-standard technical and organisational measures to protect your personal data, including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access control, multi-factor authentication for staff, regular penetration testing, security monitoring, and staff training on data protection.
No transmission over the internet is 100% secure. In the unlikely event of a data breach affecting your rights and freedoms, we will notify you and the competent authority within 72 hours of becoming aware, as required by GDPR Art. 33 and 34.
10. Cookies
We use cookies and similar technologies described in detail in our Cookie Policy. Non-essential cookies are set only after you provide consent via our cookie banner.
11. Children
Our Services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.
12. Automated Decision-Making
Some features of our platform use automated processing (risk scoring, fraud detection, KYC screening). When such automated processing results in a decision that produces legal or similarly significant effects on you (such as refusing registration), you have the right to request human review and to contest the decision by contacting our DPO.
13. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to you by email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
14. Marketing Communications
We send marketing communications (newsletters, product announcements, educational webinars, promotional campaigns) only to Users who have explicitly opted in. Each message contains a clear unsubscribe link at the footer, and you may withdraw your consent at any time by clicking it or by emailing privacy@meridian-funded.com. Withdrawal of marketing consent does not affect service-related communications necessary to operate your account.
Where permitted by law, we may use your email address to display lookalike audiences or custom audiences on advertising platforms such as Meta, Google, TikTok and LinkedIn. Email addresses are hashed (SHA-256) prior to being uploaded to these platforms so that advertising partners cannot identify you as an individual Meridian Funded user. You may object to this processing at any time by contacting our DPO.
15. Processors and Sub-Processors
We rely on carefully selected service providers to deliver our Services. A non-exhaustive list of our main sub-processors is maintained and available upon request:
- Amazon Web Services (AWS), Frankfurt (eu-central-1) — infrastructure hosting;
- Stripe, Inc. and Stripe Payments UK Ltd — card payment processing;
- Sumsub Ltd — KYC / AML identity verification;
- Google Ireland Ltd — Google Analytics 4, Google Workspace;
- Hotjar Ltd, Malta — product analytics and session replay;
- Meta Platforms Ireland Ltd — advertising conversion tracking;
- Intercom Inc. — customer support messaging;
- Brevo (Sendinblue) — transactional and marketing email delivery;
- Rise Works Inc. — Rise payout network (where used);
- Fireblocks Inc. — custody and routing of crypto payouts.
Each sub-processor is bound by a written data processing agreement that includes confidentiality, security, audit and breach-notification obligations in line with GDPR Art. 28. Changes to our sub-processor list are communicated to customers with an active Funded Account at least 30 days in advance, except where confidentiality or security concerns require immediate action.
16. Do Not Track and Global Privacy Control
Our website does not currently respond to browser "Do Not Track" signals, due to the lack of an agreed-upon industry standard. However, when our website detects a Global Privacy Control (GPC) signal from your browser, we treat it as a withdrawal of consent to non-essential cookies and a request to opt out of the sale or sharing of personal data where such categories apply under applicable law.
17. California and Other US State Residents
Although we do not offer our trading evaluation Services to US residents, visitors from California and other US states may browse our public website. Subject to applicable law (CCPA/CPRA, Colorado Privacy Act, Virginia VCDPA, Connecticut CTDPA and equivalent), you may have specific rights, including the right to know, delete, correct, and opt out of sale or targeted advertising. Requests can be submitted to privacy@meridian-funded.com. We do not knowingly sell personal data of minors under 16.
18. UAE PDPL-Specific Rights
UAE residents benefit from additional rights under Federal Decree-Law No. 45 of 2021 (PDPL) and its Executive Regulations, including the right to be informed of processing, to object to profiling and to lodge a complaint directly with the UAE Data Office. Our DPO handles PDPL requests in English or Arabic, as preferred.
19. Contact
For any question, request or complaint regarding this Privacy Policy, contact:
Data Protection Officer
Skye Marketing Experts (Meridian Funded)
Marasi Drive, Dubai, UAE
Email: dpo@meridian-funded.com
Privacy enquiries: privacy@meridian-funded.com
You may also lodge a complaint with your local supervisory authority:
- EEA residents: your national Data Protection Authority (list available on edpb.europa.eu);
- UK residents: Information Commissioner's Office (ICO) at ico.org.uk;
- UAE residents: UAE Data Office via the UAE Government portal;
- Other jurisdictions: your local data protection authority as applicable.