Data Controller
The data controller responsible for your personal data is:
Markets IQ
Operations: Ciudad de México, México · Miami, Florida, USA
Privacy contact: contact@marketsiq.io
Website: marketsiq.io
For matters relating to European Union and United Kingdom residents, if a formal Data Protection Officer (DPO) is appointed, contact details will be updated here. All privacy requests should be directed to the email above.
Data We Collect
We collect only the minimum personal data necessary to provide our services and respond to institutional inquiries. We process personal data of representatives, employees, and directors of the financial institutions that engage with us.
- Identification data: Full name
- Professional contact data: Institutional email address
- Professional and institutional data: Name of your financial institution or fund, your role or professional profile (Buy-Side / Sell-Side / Corporate / Regulatory), and any specific analytical requirements you describe voluntarily
- Technical data: IP address, browser type, operating system, referring URL, pages visited, time and date of visit
- Session preferences: Language preference stored in sessionStorage (not a persistent cookie; cleared when the browser session ends)
- We do not collect sensitive personal data (special categories under GDPR, or datos sensibles under Mexican law), such as health information, political opinions, racial or ethnic origin, or biometric data
- We do not collect financial account numbers, payment card data, or personal investment account information through this website
- We do not knowingly collect data from individuals under 18 years of age
Purposes of Processing
- To identify, validate, and authenticate the institutional profile of the requesting party
- To schedule, coordinate, and follow up on technical sessions and quantitative financial engineering briefings
- To assess technical feasibility and propose engagement structures appropriate to your institution's profile
- To provide technical support and institutional communication
- To fulfil contractual obligations arising from service engagements
- To comply with applicable legal and regulatory obligations
- To send market perspectives, institutional analyses, and technology updates produced by Markets IQ
- To improve our website and services through aggregated, anonymised analytics
You may object to secondary purposes at any time by contacting us at contact@marketsiq.io.
Legal Basis for Processing
We rely on the following legal bases for processing personal data. Where multiple bases apply, we identify the primary basis for each activity.
| Processing Activity | Legal Basis (GDPR / Equivalent) |
|---|---|
| Responding to an institutional inquiry submitted via our contact form | Legitimate interests (Article 6(1)(f) GDPR) — processing is necessary to respond to a business request; performance of pre-contractual measures (Article 6(1)(b)) |
| Scheduling and conducting technical briefings | Performance of a contract / pre-contractual steps (Article 6(1)(b) GDPR) |
| Sending institutional research and market updates | Legitimate interests (Article 6(1)(f) GDPR); consent where required by local law |
| Website analytics (aggregated, anonymised) | Legitimate interests (Article 6(1)(f) GDPR) |
| Language preference (sessionStorage) | Strictly necessary for website functionality — no consent required |
| Compliance with legal obligations (tax, financial regulation, court orders) | Legal obligation (Article 6(1)(c) GDPR) |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your data protection rights. You have the right to object to such processing at any time (see Section 8).
Data Sharing and Disclosure
We do not sell, rent, or trade personal data to third parties. We disclose personal data only in the following limited circumstances:
- Service providers: Technology vendors who assist us in operating our website and services (cloud hosting, email delivery, analytics), bound by data processing agreements and confidentiality obligations. These processors act only on our documented instructions.
- Professional advisors: Legal, accounting, or compliance advisors under professional confidentiality obligations
- Legal requirements: Regulatory authorities, courts, or law enforcement agencies when required by applicable law or valid legal process, including obligations under Mexico's CNBV and CONSAR regulations where applicable
- Business transfers: In the event of a merger, acquisition, or sale of assets, subject to appropriate confidentiality protections and notification to affected individuals
We require all third-party processors to implement appropriate technical and organisational security measures consistent with their obligations under applicable data protection law.
International Data Transfers
Markets IQ operates across Latin America and the United States. Personal data may be transferred between our operational locations (Mexico City and Miami) and to cloud infrastructure providers.
Where we transfer personal data from the EU or UK to countries not recognised as providing adequate protection, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or the UK equivalent (International Data Transfer Agreement). A copy of the applicable transfer mechanism may be requested at contact@marketsiq.io.
Processing of data of Brazilian residents is conducted under the applicable legal bases established by the LGPD. Where data is transferred outside Brazil, such transfers are made in compliance with Chapter V of the LGPD, relying on international data transfer agreements, consent, or global corporate policies as appropriate.
Portfolio data, credit data, and other sensitive financial information provided by institutional clients is hosted on cloud infrastructure in LATAM-region data centres (AWS São Paulo, Google Cloud Mexico, or equivalent). Such data does not leave the LATAM region without explicit written client authorisation.
Retention Periods
We retain personal data only for as long as necessary for the purposes described in this Notice, or as required by law.
| Data Category | Retention Period | Basis |
|---|---|---|
| Contact form submissions (pre-engagement) | 24 months from last contact | Legitimate interests; statutory limitation periods |
| Client engagement data (active clients) | Duration of relationship + 5 years | Contractual and legal obligation |
| Financial records and audit trails | 5–10 years depending on jurisdiction | Tax, financial regulation (CNBV, CVM, IRS, SAT) |
| Website analytics data (anonymised) | 26 months rolling | Legitimate interests |
| Session language preference | Browser session only (sessionStorage) | Strictly necessary functionality |
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised.
Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data. To exercise any right, submit a written request to contact@marketsiq.io with proof of identity. We will respond within the statutory deadline applicable to your jurisdiction.
Access (Art. 15)
Obtain confirmation of whether we process your data and receive a copy of it.
Rectification (Art. 16)
Have inaccurate or incomplete personal data corrected without undue delay.
Erasure (Art. 17)
Request deletion of your data where there is no legitimate purpose for continued processing.
Restriction (Art. 18)
Request that processing be limited pending resolution of accuracy or objection issues.
Portability (Art. 20)
Receive your data in a structured, machine-readable format and transmit it to another controller.
Objection (Art. 21)
Object to processing based on legitimate interests or for direct marketing purposes.
Response deadline: 30 days (extendable to 90 days for complex requests with notification). You also have the right to lodge a complaint with your national supervisory authority.
- Acceso: Request access to your personal data held by us
- Rectificación: Request correction of inaccurate or incomplete data
- Cancelación: Request deletion of your data when no longer necessary
- Oposición: Object to the processing of your data for specific purposes
Response deadline: 20 business days from receipt of request, as established by the LFPDPPP.
- Confirmation of the existence of processing; access to your data
- Correction of incomplete, inaccurate, or outdated data
- Anonymisation, blocking, or deletion of unnecessary or non-compliant data
- Portability of data to another service provider
- Deletion of data processed with your consent
- Information on entities with which data has been shared
- Information on the possibility of denying consent and the consequences
- Revocation of consent
Response deadline: 15 days as directed by the ANPD.
- Access: Know, update, and rectify your personal data
- Revoke the authorisation granted and request deletion of data, provided no legal or contractual obligation requires its retention
- File complaints with the Superintendencia de Industria y Comercio (SIC)
- Access, correction, deletion, and blocking of personal data
- Objection to processing where applicable
- Complaint to the Consejo para la Transparencia or the competent authority
- Access, rectification, deletion, and confidentiality of personal data
- File actions of Habeas Data before competent courts
- Complaint to the Agencia de Acceso a la Información Pública (AAIP)
Cookies and Tracking Technologies
Our website uses minimal tracking technologies:
| Technology | Purpose | Storage | Duration |
|---|---|---|---|
| sessionStorage (language preference) | Remembers your chosen language (EN/ES) to prevent unwanted redirects | Browser only — never transmitted to our servers | Browser session only — cleared on close |
| Basic analytics (if implemented) | Aggregate, anonymised website performance data — no individual tracking | Server-side aggregation only | 26 months rolling, then deleted |
We do not use advertising cookies, third-party tracking pixels, social media tracking, or behavioural profiling technologies. We do not share any browsing data with data brokers or advertising networks.
The sessionStorage language preference does not constitute a "cookie" under ePrivacy Directive definitions as it is not transmitted to our servers and is cleared at session end. No consent banner is required for this functionality.
Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include:
- TLS 1.3 encryption for all data transmitted between your browser and our servers
- Encryption at rest for all stored personal data
- Access controls and role-based permissions limiting data access to authorised personnel
- Regular security assessments and vulnerability testing
- Incident response procedures and breach notification protocols consistent with applicable law (72 hours for GDPR; applicable LGPD and LFPDPPP timelines)
- Data hosted on enterprise-grade cloud infrastructure in LATAM-region data centres
No method of transmission over the internet or electronic storage is completely secure. While we take commercially reasonable precautions, we cannot guarantee absolute security.
Jurisdiction-Specific Provisions
Processing of personal data of EU and UK residents is carried out in accordance with Regulation (EU) 2016/679 (GDPR) and, for UK residents, the UK GDPR as retained in domestic law by the Data Protection Act 2018. If you are an EU or UK resident and believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with the supervisory authority in your Member State of residence.
The processing of personal data of Mexican residents is conducted in strict compliance with the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), its Regulations, and the Privacy Notice Guidelines issued by the INAI. This document constitutes the Aviso de Privacidad Integral of Markets IQ as required by the LFPDPPP.
To exercise ARCO rights or revoke consent, send your request to contact@marketsiq.io. Include your full name, proof of identity, the data subject to your request, and any additional information facilitating localisation of your data. We will respond within 20 business days.
For secondary purposes (market communications), you may indicate your objection by emailing us at any time. This will not affect the primary service relationship.
The processing of personal data of Brazilian residents is conducted in compliance with the Lei Geral de Proteção de Dados Pessoais (LGPD — Law 13.709/2018) and regulations issued by the Autoridade Nacional de Proteção de Dados (ANPD). Our primary legal bases for processing are legitimate interests (Art. 10 LGPD) and, where applicable, contractual necessity (Art. 7(V) LGPD) and legal obligation (Art. 7(II) LGPD). Brazilian residents may lodge complaints with the ANPD at www.gov.br/anpd.
The treatment of personal data of Colombian residents is conducted in accordance with Ley 1581 de 2012 and Decree 1377/2013. Data subjects may contact us to exercise their rights, update their data, or revoke authorisation. Complaints may be filed with the Superintendencia de Industria y Comercio (SIC). We treat Colombian personal data only upon obtaining prior, express, and informed authorisation from the data subject, except where an exemption under applicable law applies.
The treatment of personal data of Chilean residents is conducted in compliance with Ley 19.628 sobre Protección de la Vida Privada and, as applicable, with Ley 21.719 (Chile's modernised data protection framework). Data subjects may exercise their rights as described in Section 8 and may file complaints with the competent supervisory authority designated under Chilean law.
The treatment of personal data of Argentine residents is conducted in compliance with Ley 25.326 de Protección de los Datos Personales and its regulatory decree. Argentine residents have the right to access, rectify, and delete their data free of charge every six months. The Agencia de Acceso a la Información Pública (AAIP) is the competent authority for complaints: www.argentina.gob.ar/aaip.
Contact and Complaints
For any question, concern, or request relating to this Privacy Notice or the processing of your personal data, please contact us:
Markets IQ — Privacy Unit
Email: contact@marketsiq.io
Subject line: "Privacy Request — [Your Jurisdiction]"
We aim to acknowledge all requests within 5 business days and resolve them within the statutory deadline applicable to your jurisdiction.
| Jurisdiction | Authority | Website |
|---|---|---|
| EU Member States | Your national Data Protection Authority (DPA) | edpb.europa.eu |
| United Kingdom | Information Commissioner's Office (ICO) | ico.org.uk |
| Mexico | Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) | inai.org.mx |
| Brazil | Autoridade Nacional de Proteção de Dados (ANPD) | gov.br/anpd |
| Colombia | Superintendencia de Industria y Comercio (SIC) | sic.gov.co |
| Chile | Consejo para la Transparencia / Competent data authority | consejotransparencia.cl |
| Argentina | Agencia de Acceso a la Información Pública (AAIP) | argentina.gob.ar/aaip |
We may update this Privacy Notice to reflect changes in our practices or applicable law. Material changes will be notified via a prominent notice on our website. The date of the most recent revision appears at the top of this document. We encourage you to review this Notice periodically.