Xcoins.com, owned and operated by CF Technologies Ltd. (“Xcoins.com”, “the Company ” “we ” or “ US ”), respects the privacy of the users of our platform (the “Platform ”) and/or our website at Xcoins.com (the “Site ”), and is committed to protect the personal information that users share with us in connection with the use of our Platform and/or Site (collectively – the “ Service ”).
- Data Controller
- Data Protection Principles
- Your Consent
- Which information may we collect on our users?
- How do we collect information on our users?
- What are the purposes of the collection of Personal Information?
- Disclosing your Personal Data
- Changes to your Personal Data
- Sharing Information with Third Parties
- Retention of Personal Information
- International Transfers
- Minors Policy
- Management of Cookies
- Data Subject and Data Subject (Your) Rights
- Third Party Websites
1). Data Controller
We, as the Data Controller, are responsible for deciding the way we collect, process and manage the personal information collected from our users. We may, in certain circumstances, deliver services in partnership with other entities. In such events, we will be a Joint Controller with the other entity.
For general contact, please send us an email on [email protected] or use of our live chat as directed from our Website address www.xcoins.com
Our Compliance Officer is responsible for compliance within the GDPR and is responsible for matters relating to Privacy and Data Protection. The Compliance Officer may be reached on [email protected] or by calling using International telephone number +1 305 946 1796 or toll free for US 888-712-6467.’
2). Data Protection Principles
We are committed towards compliance within the applicable Regulations. If we need to collect, use or store Your personal data, we will abide by the following data protection principles.
The processing of personal data shall take place in a lawful, fair and transparent manner. Collection of personal data shall only be performed for specified, explicit and legitimate purposes and shall not be further processed in a manner which renders it incompatible with those purposes. The collection of personal data shall only be adequate, relevant and limited to what is necessary in relation to the purpose for which it is being processed. The personal data shall be accurate and where necessary kept up to date. Having regard to the purpose for which personal data is processed, the Company shall take every reasonable step to ensure that inaccurate personal data is erased or rectified without undue delay. Personal data shall be kept in a form which permits identification of the data subject, for no longer than is necessary for the purpose for which the personal data is processed. Personal data shall be kept confidential and stored in a manner which ensures appropriate security. Personal data shall not be shared with third parties except when necessary and with a justifiable legal basis.
3). Your Consent
4). Which information may we collect on our users?
We collect two types of information from our Users:
- The first type of information is un-identified and non-identifiable information pertaining to a User(s), which may be made available or gathered via the User’s use of the Service and/or the transactions carried out in connection with the Service, as applicable (“Non-Personal Information”). We are not aware of the identity of the User from which the Non-personal Information was collected.
- Non-Personal Information which is being collected consists of technical information and aggregated usage information, and may contain, among other things, the User’s operating system, type of browser, screen resolution, browser and keyboard language, the User’s ‘click-stream’ on the Service and activities on the Service, the period of time the User visited the Service and related timestamps, etc.
- Non-Personal Information shall be gathered by us in order to perform preliminary examinations of the users’ transactions before enabling such users to use the Service.
- For the avoidance of doubt, any Non-personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists.
- The second type of information is information that identifies or may identify an individual with reasonable efforts (“Personal Information”). Personal Information which is being gathered may consist of the following:
- The User’s IP address, as well as other persistent device identifiers, which is automatically recorded from the User’s device and used mainly for enhancing the User’s experience and for geolocation, personalization, security and fraud prevention purposes, as further detailed below.
- In the event that following the preliminary examinations of Non-personal Information as noted above, such user is determined as qualified to use the Service (as shall be determined in our sole discretion), then after clicking the Service button the User will be requested to fill out the registration form available on the Service, and such User will be required to provide certain information such as his/her contact details, including the following:
- Full name
- Physical Address
- E-mail address
- Copy of a government-issued ID (such as a passport or driver’s license) – this is collected as means for official proof of identity
- Details regarding the government-issued ID, such as the number, issuing country and expiration date;
- Country of residence
- Date of birth
- Billing address
- Wallet ID (if applicable)
- Credit card details – however, please note that such data is transmitted directly to our trusted third party payment processors. We do not retain the full details of the credit card.
- Any additional required information in order to render the Service.
- Please note that without providing the above information you may not be able to complete the transaction.
- In addition, we also collect the User’s publicly-available social network information, provided that the User has an existing third-party social network account (namely, a Facebook or Google account) (“SN Account”) registered under the same name and/or e-mail provided by User when registering to the Service.
- In the event a User registers to the Service or otherwise grants us with certain access permissions to his/her SN Account, the third-party social network(s) operating such SN Account(s) may provide us with certain information about the User, as is stored in and/or made available by the User through his/her SN Account and in accordance with the permissions granted to us by the User. For example, such information may consist, as applicable and/or made available by the User, of the User’s name, public profile picture URL address, SN Account User ID, e-mail address, date of birth, gender, occupation or work information, education and other information which the User made public.
- In addition, we may also collect the behavior of the User on our Services, which includes keystrokes, recording of mouse movements and other activities in our Services.
- Any Personal Information provided voluntarily by the User via its use of the Service, such as the User’s e-mail address in order to be contacted (and any additional information related to such contacts), transaction details provided through use of the Service, and/or other actions performed by the User in connection with the Service.
- We also collect additional data from third-party sources regarding the User. This includes the User’s credit rating and other information available through publicly available credit card blacklists and official limited bank account lists, as well as non-public information provided by credit rating agencies, banks or other organizations.
Please note that the Personal Information we collect is required in order for us to contractually provide the Services, as well as for us to meet our legal and regulatory requirements (such as Anti-Money Laundering and Know-Your-Customer regulations), and to safeguard our legitimate interests. In the event that you will not provide such information, we may not be able to provide our Services.
5). How Do We Collect Information on Our Users?
We use the following methods of collection:
- We collect Non-Personal Information through your use of the Service and/or the transactions carried out in connection with the Service. In other words, when you are using the Service, we may be aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
- We collect Non-Personal Information and Personal Information through publicly available sources. For example, we collect certain information about you through your publicly available SN Account(s) information, publicly available credit card blacklists and official limited bank account lists, and other online public information.
- We obtain Personal Information from third-party services We obtain Personal Information from third-party services
- We collect Personal Information which you provide us voluntarily. For example, we collect Personal Information required to use the Service by completing the registration form and/or contacting us directly.
We store the Personal Information either independently or through the help of our authorized third-party service providers as detailed below.
6). What are the Purposes of the Collection of Information?
We collect Non-Personal Information and Personal Information in order to:
- Provide and operate the Service, including for risk analysis, billing, and other aspects relating to carrying out the transactions performed by the Users (such as identity authentication, payment processing, and charge-backs);
- Analytics, statistical and research purposes;
- Detect, prevent, or otherwise address fraud, security or technical issues (such as identity theft or financial fraud);
- Meet our regulatory requirements, such as Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) and Combatting Financing Terrorism (“CFT”) regulatory requirements.
- Enable us to further develop, customize and improve the Service based on Users’ common preferences and uses;
- Create and provide our business partners and affiliates with aggregated statistical data;
- Direct marketing purposes – we may use the contact details you provided us to send you promotional offers or communications; you may withdraw your consent via sending a written notice to Xcoins.com by email to the following address [email protected] or in the same manner as the advertising was transmitted to you (e.g. via email or SMS messaging), or by following the unsubscribe instructions included within the promotional offer or communication.
- Respond to User’s support requests;
- Satisfy any applicable law, regulation, legal process, subpoena or governmental requests;
- Enable us to provide our Users with a better user experience, with more relevant Content, features, and functionalities, and with technical assistance and support; and
- Protect the rights, property, or personal safety of the Company, any of its Users, or the general public;
- Abide by any applicable law.
7). Disclosing your Personal Data
We also undertake that we will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties and who provide elements of services from us. In this regard, we have agreements in place with our data processors, binding them not to do anything with your personal data unless we have instructed them to do so. Such agreements also cover the requirement of holding the personal data securely and retain it for the period that we instruct them.
There are circumstances where we are legally bound to share information such as when we are required to cooperate with the Authorities or Regulatory bodies. In such situations, we will ensure that we have a lawful basis to do so.
We may disclose information to third parties in connection with the above-mentioned purposes in the circumstances that the requirement falls under an applicable legal basis.
8). Changes to your Personal Data
The personal information we hold about you shall be current and accurate. If any of your personal information changes, it is within your responsibility to update us.
As required by Law, you bind yourself to furnish us with recent suitable documentation for confirmation, on a regular basis, upon our verbal request. These may be required for KYC and due diligence purposes and to allow us to correctly perform the terms of our engagement, as per our internal operating procedures in force at the time.
9). Sharing Information with Third Parties
The Company discloses Personal Information in the following cases:
- With acquiring and card issuing banks;
- With third-party authentication vendors (such as identity verification vendors) and other data sources (such as geolocation services);
- With our service providers (such as cloud computing companies);
- In order to fulfill the purposes stated above, including to satisfy any applicable law, regulation, legal process, subpoena or governmental request;
- Respond to claims that any content available on the Service violates the rights of third-parties;
- When the Company, or any of its affiliates is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets.
All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. Processing your personal data with our third parties is limited for specified purposes and in accordance with our legal binding agreements.
10). Retention of Personal Information
The Company will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations, such as for KYC (Know Your Customer) and AML (Anti-Money Laundering) purposes. In this regard, we retain your personal data for as long as it is within the applicable laws, to enforce our contractual agreements and if needed, for the exercise and defence of legal claims.
We undertake to review your personal data that we collect, process and store and will delete or anonymise it in a secure manner when it is no longer needed to be retained in terms of legal, business or customer need.
If for any reason you wish to delete your Personal Information stored with us and identifying to you, please send us an e-mail to [email protected] and we will make reasonable efforts to address your request.
Where possible, we specify the periods for which your personal data will be retained in advance. The retention period is determined based on the following criteria:
- the purpose/s for which your personal data has been collected;
- whether there are any statutory obligations, obliging us to continue to process your information;
- whether we have a legal basis in place to continue processing your personal data, including but not limited to your consent;
- value attached to your information;
- whether there are any industry practices stipulating the term that the personal data shall be retained for;
- the cost, liability and risk of such retention;
- any other applicable circumstances.
11). International Transfers
Information provided to us may be shared with third parties situated in other European Economic Area (‘EEA’) Member States and in countries outside the EEA.
To use the Service, you must be over the age of eighteen (18). The Company does not knowingly collect Personal Information from children under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the Service. In the event that it comes to our knowledge that a person under the age of eighteen (18) is using the Service, we will prohibit and block such User from accessing the Service and will make all efforts to promptly delete or effectively anonymize any Personal Information stored with us with regard to such a user.
When you access or use the Service, we may use industry-wide technologies such as “cookies” or similar technologies, which stores certain information on your computer and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless.
We may also use certain third-party tracking technologies like Google Analytics. These are a different kind of cookies, stored on your computer by third parties, rather than by us. This kind of tracking technology is deployed or used each time you visit the Service, and also when you visit certain websites or applications that use similar cookies.
How to manage your cookie settings
Please note that we do not recognize or respond to automated browser signals regarding Tracking Technologies, including “Do Not Track” requests. However, there are various ways in which you can manage and control your cookie settings. Please remember that, by deleting or blocking cookies, some of the features of the Services may not work properly or as effectively.
- Turning off cookies via your web browser
Most web browsers will provide you with some general information about cookies, enable you to see what cookies are stored on your device, allow you to delete them all or on an individual basis, and enable you to block or allow cookies for all websites or individually selected websites. You can also normally turn off third-party cookies separately. Please note that the settings offered by a browser or device often only apply to that particular browser or device.
- Information about cookies is usually found in the “Help” section of the web browser. Below are some links to some commonly used web browsers:
- Internet Explorer and Microsoft Edge
- Mozilla Firefox
14). Data Subject and Data Subject (Your) Rights
Data Subject refers to You, as the individual who can be directly or indirectly identified through the information collected and processed Us.
As a Data Subject, you have a number of rights in relation to your personal data. The Company respects your privacy rights and will endeavour to abide by such rights to the extent that they apply and where the processing of your data is applied.
Your rights include:
- the rights to be informed and the right to access your personal data that is being collected, processed and stored;
- the rights to amend, delete your personal data;
- the rights to object and restrict processing of your personal data;
- the rights to know about the existence of automated decision making and data portability;
- the right to lodge a complaint with the Office of Information and Data Protection and/or seek judicial remedy in those cases where you believe that your data protection rights have been infringed
- the right to withdraw your consent.
If you reside in the EU or in another location that affords you with the below rights, you may contact us at any time at [email protected] and request:
- To access (including asking for supplementary information), delete, change or update any Personal Information relating to you (for example, if you believe that your personal information is incorrect, you may ask to have it corrected or deleted);
- That we will restrict or cease any further use of your Personal Information;
- That we will provide the Personal Information you volunteered to us in a machine-readable format.
Please note that these rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations (such as KYC and AML regulations).
If you have any general questions about the Personal Information that we collect about you how we use it, please contact us at [email protected] Any requests received will be given appropriate consideration within the time periods required by the data protection legislation. We also exert the right to request from you a proof of your identity, prior to processing your request. In this way, we ensure that the personal data is not disclosed to unauthorised third parties. We may require additional information in relation to such requests in order to speed up the response process. We reserve our right to withhold your personal data, if disclosing it would adversely affect the rights and freedom to others.
We take great care in implementing and maintaining the security of the Service, and our Users’ Personal Information. The Personal Information is hosted on Amazon Web Services, which provides advanced security features. The Company employs industry standard procedures and policies to ensure the safety of its Users’ Personal Information, and prevent unauthorized use of any such information. In addition, in order to safeguard the privacy expectation of the Users, Our Merchant Processing Partner is Payment Card Industry Data Security Standards (“PCI DSS”) certified. Please note that while we take reasonable measures to safeguard your personal data, we cannot fully guarantee its security.
16). Third-Party Websites
18). Have Questions?
This service is supplied by CF Technologies Ltd.
- CF Technologies
- Phoenix Business Centre, The Penthouse, Old Railway Track, Santa Venera SVR9022