OVEX Privacy Policy

OVEX Privacy Policy

(Version 1.0, last updated 2024-04-18)


This Policy (together with our terms of service found on our website “Terms of Service”) applies to:
  • your use and access of the Services online; and
  • your use and access of the OVEX Mobile Application “App” once you have downloaded or installed it on your device “Device”.

This Policy sets out the basis on which Personal Information that you provide or that we collect from you is processed by us.

The Policy is meant to be read with the Terms of Service and where there is inconsistency the Terms of Service take precedence.

Terms used in this Policy and defined in the Terms of Service carry their defined meaning. The terms “Personal Information” and “Personal Data” are analogous to one another.

Neither the Services nor the App is intended for children and no information relating to children is collected.


Depending on the Terms of Service applicable to you one of Ovex (Pty) Ltd, Chameleon Capital Ltd or Ovex EU (SAS) is the responsible party or controller, and is responsible for the processing of your Personal Information (together referred to as the “Company”, “we”, “us” or “our” in this Policy).

An information officer/ data protection officer (who is also the officer bearer) has been designated by the Company. If you have any questions about this Privacy Policy, please contact them using the details set out in 3 below.


Our full details are:

Full name:

Ovex (Pty) Ltd

Chameleon Capital Ltd

Ovex EU (SAS)

Registration number:



953 482 643

Registered address:


Unit 501 The Point

76 Regent Road

Sea Point

Cape Town 8005


18C-3107 av. des Hôtels

Québec (Québec)

G1W4W5 Canada


102 avenue des Champs-Élysées 75008 Paris


Website address:




E-mail address:




Phone number:

021 213 6839

(+27) 21 213 6839

(+27) 21 213 6839

Officer bearer:

Jonathan Brian Ovadia

Jonathan Brian Ovadia

Luc Philip Varejes


You have the right to make a complaint at any time to the information regulator in respect of Personal Information protection issues.


We keep our Privacy Policy under regular review and may update it. We will notify you of any update by email or through your user account or any other accepted electronic means as directed by our Terms of Service.

The Personal Information we hold about you should be correct and current. Please keep us informed if your Personal Information changes during our relationship with you.


We may collect, use, store and transfer different kinds of Personal Information about you as follows:

  • Identity Information;
  • Contact Information;
  • Financial Information;
  • Transaction Information;
  • Device Information;
  • Usage Information;
  • Location Information.

We also collect, use, and share aggregated information such as statistical or demographic information for any purpose. Aggregated information could be derived from your Personal Information but is not considered Personal Information in the legal sense, as it does not reveal or tend to reveal your identity. For example, we may aggregate your Usage Information to calculate the percentage of users accessing a specific service, website or App feature. If we do combine or connect aggregated information such that it can directly or indirectly identify you, we treat the combined information as Personal Information which will be dealt with in accordance with this Policy.

We do not collect any Special Personal Information or Special Categories of Personal Information about you (this includes details about your religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information or criminal behaviour).


We collect and process the following information about you:

  • Information you give us. This is information (including Identity, Contact and Financial Information) that you consent to give us by completing forms through our website, the App or by corresponding with us (for example by email, chat or through our OTC facility). It includes information you provide when you register for a user account on our website or through the App. We keep records of all our correspondence.
  • Information we collect about you and your device. We collect Personal Information including Device Information and Usage Information when you visit our website or use the App. We collect this information using cookies and similar technologies.
  • Location Information. We also use GPS technology to determine your current location.
  • Information we receive from other sources including third parties and publicly available sources. At times we receive Personal Information about you from various third parties and public sources such as company registries, Google and search information and screening providers.


We use cookies and other tracking technologies to distinguish you from other users of the Services and to remember your website or App preferences. This helps us to provide you the best user experience when you use our Services.

The cookies we use are classified under the category of site navigation and authentication cookies and expire after 60 minutes (unless sessions are extended due to recent user activity).

The cookies do not store any Personal Information and are hardened with HTTPONLY and secure attributes.

Browser fingerprinting is used within cookies to prevent cookie theft and re-use on other devices.

Fingerprint data is not stored and all cookie data is encrypted and only ever decrypted on our backend systems.


We only use your Personal Information when we are legally allowed to do so and within a limited and defined scope. Most often we use your Personal Information where:

  • you have consented to its processing and we need to perform under our contract (the Terms of Service);
  • it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
  • we need to comply with a legal or regulatory obligation.


Purpose/ activity

Type of information

Lawful basis for processing

To open a user account and register you as a user of the Services (whether through our website or the App)

  • Identity
  • Contact
  • Financial
  • Device

Your consent

To process actions related to the Services (whether performed or initiated through our website, the App, chat or OTC facility)

  • Identity
  • Contact
  • Financial
  • Transaction
  • Device
  • Location

Your consent

To manage our relationship with you as a regulated business

  • Identity
  • Contact
  • Financial
  • Transaction
  • Device
  • Location

Your consent

Necessary for our legitimate interests

Necessary to comply with legal or regulatory obligations

To administer the Services and their delivery including troubleshooting, data analysis and system testing

  • Identity
  • Contact
  • Device
  • Location

Necessary for our legitimate interests

To monitor trends of your use of the Services and interaction with our website or the App

  • Identity
  • Contact
  • Device
  • Usage
  • Location

Necessary for our legitimate interests



When you use or access our Services you consent to providing us your Personal Information together with consent to share your Personal Information with the third parties set out below:

  • our banking and payment partners and group companies, in order for us to provide the Services;
  • financial intelligence, financial surveillance, central banks, law enforcement and tax authorities, in order for us to comply with our legal obligations.


We ensure that your Personal Information is protected by requiring all our group companies to follow the same processes and rules when dealing with your Personal Information.

Many of our external third parties and IT service providers (including cloud services and IT tools) are based outside of the country in which you are located, so their processing of your Personal Information is likely to involve a transfer of data outside of your country.

Whenever we transfer or hold your Personal Information out of your country, we ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer or hold your Personal Information in countries which have the same, similar or greater standards of protection with respect to the privacy and security of Personal Information as compared with your country.
  • Where we use certain service providers, we may use specific approved contracts which give Personal Information the same protection that it has in your country. We will always remain fully responsible for any actions of service providers we appoint who process your Personal Information.


All information that you provide to us is stored on secure servers. Any payment transactions and privileged user account actions are encrypted.

You are responsible for keeping your user account access credentials confidential. You must use all reasonable endeavours to prevent any unauthorised use and access to your user account, and in the event of any unauthorised use and access, you must notify us immediately.

We use strict procedures and security features to try to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way (including multisite backup, regular service maintenance, least privilege access with restricted access to information systems through secure password and multifactor authentication, confidentiality agreements with staff, use of encrypted communications facilities and offsite access via secure VPN).

We have procedures in place to deal with any suspected data breach and will notify you and any applicable regulator when we are required to do so. To be clear we will notify you without undue delay on becoming aware of any breach of your Personal Information.


As a regulated business, we must keep basic information about our users (including Contact, Identity, Financial and Transaction Information) for certain periods that are imposed on us by law. The length of these periods varies from country to country and where we operate. Generally, however, we will at your written request delete or return User Data and copies of it on termination of the relationship or closure of your user account unless required by law to retain the information or any parts of it.


Under certain circumstances, you may have the following rights under both Data Protection Laws and our Terms of Service about your Personal Information. These include rights to:

  • request access to your Personal Information;
  • request correction of your Personal Information;
  • request the erasure of your Personal Information;
  • object to the processing of your Personal Information;
  • request restriction of the processing of your Personal Information;
  • request the transfer of your Personal Information;
  • withdraw your consent.

You can clarify the extent of these rights in each case with us and when you seek to exercise them at any time by contacting us at compliance@ovex.io