XChangeX is a virtual currency exchange operator and a virtual currency wallet operator.
Any information stored on the XCHANGEX platform is treated as confidential. All information is stored securely and is accessed by authorized personnel only. XCHANGEX implements and maintains appropriate technical, security, and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft, or disclosure.
This policy applies where we are acting as a data controller with respect to the personal data of our website/platform users and clients; in other words, where we determine the purposes and means of the processing of that personal data.
As a User/Client, you can refuse to receive direct marketing communications and limit the publication of information.
For the purposes of this Policy, XCHANGEX defines the terms “User”, “Client” or “You, Your, Yourself” as a natural or legal person, either a user of the www.xchangex.com website or a client with a trading account at XCHANGEX. The terms “we”, “us”, “our” refer to XCHANGEX.
2. Collection and use of information
The following sections cover the specifics of each of the two groups from which data is collected: users of the website and clients of our services.
2.2 Website Users and Collection of Users Data
If you are a User of our website only, and not a Client of our Services or the XCHANGEX platform otherwise, then this section is relevant for you.
If you do not agree with the Terms set out herein, we ask you to not visit this website www.xchangex.com. In cases when required by the applicable law, we will ask for your explicit consent to process Personal Data, which shall be collected on this website or volunteered by you. Kindly note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this website may not be possible or may be limited.
XCHANGEX may add information collected by way of page view activity. Furthermore, XCHANGEX may collect and process Personal Data that you voluntarily and with your consent give to XCHANGEX in our website’s forms, such as when you sign up for information and newsletters. You can unsubscribe from the newsletter by opening one of XCHANGEX’s e-mails, which you received, and clicking “unsubscribe” at the bottom of the page. You can also send us an e-mail to email@example.com and ask us to unsubscribe you.
If you provide XCHANGEX with your social media details, XCHANGEX may retrieve publicly available information about you from social media. XCHANGEX uses such information for a better user experience.
Such Personal Data may comprise your IP address, first and last name, postal and email address, telephone number, job title, data for social networks, areas of interest, interest in XCHANGEX service as well as information as to the type of relationship that exists between XCHANGEX and yourself. This information is collected for the purpose of improving user experience.
XCHANGEX gathers data about visits to the website, including numbers of users and their visits, geo-location data, length of time spent on the site, pages clicked on or where users came from.
2.2.1 Purpose of processing personal data
XCHANGEX uses the collected data to communicate with Users, customize content for Users, show ads on other websites to Users, and improve its website by analyzing how Users navigate its website. XCHANGEX will process all Data to monitor and improve the website and Services.
2.2.2 Sharing and storing personal data
XCHANGEX may also share such information with service vendors or contractors in order to provide a requested service or transaction or in order to analyse the Visitor behaviour on its website.
The data that we collect from you is stored within the territories of the European Union. Automatically collected data (Google Analytics) by third parties may be stored outside the EU.
By visiting this website, we will ask you to agree to the following two types of cookies:
- Mandatory cookies: Mandatory cookies otherwise known as First-party cookies enable the main website functions. These cookies are set by the website you’re visiting. Only that website can read them. In addition, a website might potentially use external services, which also set their own cookies, known as third-party cookies.
- These Mandatory/First-party cookies include cookies that set your display preferences, such as browsing language, contrast colour, font size, device used, search results preferences, and notification preferences. Without the Mandatory/First-party cookies, the website cannot function properly.
- Statistics cookies: Analytical cookies otherwise known as Persistent cookies allow us to improve the website by collecting and providing information about its usage. These are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser.
2.2.4 Links to other websites
In order to provide services to its Clients, XCHANGEX collects certain types of data from them. This section describes how Clients’ data is collected and used by XCHANGEX. Data entered or transferred into XCHANGEX by Clients, such as texts, questions, contacts, media files, etc., remains the property of the Client and may not be shared with a third party by XCHANGEX without express consent from the Client.
XCHANGEX will process your account data you provide when you open an XCHANGEX account, perform transactions on the XCHANGEX platform, or use other XCHANGEX Services. This information may include:
- Contact information, such as name, home address, email address, date and place of birth, and mobile phone number.
- Account information, such as username and password.
- Financial information, such as bank account numbers, bank statements, and trading information.
- Identity verification information, such as text or an image of your government-issued ID, passport, national ID card, and under special conditions also a social security number.
- Residence verification information, such as utility bill details, phone bills, or similar documents.
The account data is provided by the client who opens an account. The account opening data will be used and processed for the purposes of performing a detailed Know Your Customer (hereinafter: KYC) procedure according to necessary Anti-Money Laundering and Anti-Terrorist Regulations.
Users are visitors of the XCHANGEX website and therefore their Personal Information is collected as described in the previous section 2.2 “Website Users, collection of Users Data”. This Personal Information will be used for operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with Users.
XCHANGEX will use clients’ e-mail, phone number, and residential address for communication purposes with clients regarding: login, registration, transactions, orders, safety requirements, notifications about safety measures, reminders about the status of orders, transactions, client profile level, and other necessary communication with the client. The client will also receive occasional notifications about new token listings and other promotions.
2.3.2 Collection of User Data
During a Client’s registration at the XCHANGEX exchange platform, Clients provide information such as name, company name, email, address and nationality (registered seat of the legal entity), bank account, ID number, and image of the ID document, date and place of birth, personal picture, phone number, utility bill, and other relevant data.
The Clients Data shall be collected and processed by a third party Sum and Substance LIMITED with its registered office at Suite 1, 5 Percy Street, Fitzrovia, London England, W1T 1DG (hereinafter Sum and Substance) and MoneySwap OU with registered address Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Kopli tn 27, 10412. Sum and Substance is a trusted partner of XCHANGEX for collecting and processing Clients data on behalf of XCHANGEX. Sum and Substance is an experienced identity verification company that will process Personal Data for the purposes of the necessary KYC/AML procedures. Sum and Substance will obtain and process all the above-stated Personal Data and run KYC/AML procedures and ensure compliance with the relevant AML legislation. MoneySwap OU is a company with activity license Number FVT000118 for the provision of a virtual currency service and a trusted partner of XCHANGEX. XCHANGEX might share or transfer relevant Personal Data in part or entirely to MoneySwap OU.
If you wish to stop receiving marketing communications from us, please contact us at firstname.lastname@example.org to opt-out.
XCHANGEX will not retain Client data longer than is necessary to fulfill the purposes for which it was collected or as required by the applicable laws and regulations.
In the course of its activity, XCHANGEX shall also communicate with the clients via the telephone using the telephone numbers given in the identification process. Communication will serve for the purpose of verifying the credibility of the client account, thereby strengthening the platform’s security, strengthening the brand, informing clients about new offers and events, about new issues of tokens and direct sales of XCHANGEX services.
2.3.3 Geographical location of processing Personal Data
All Personal Data collected and processed within the KYC procedure by Sum and Substance and XCHANGEX is stored on servers in European data regions. Such Personal Data is not transmitted to other Data Regions.
XCHANGEX has servers in European data regions. An XCHANGEX “Data Region” is a set of data centers located within a defined geographical area where Client data is stored. Personal Data is not transmitted to other Data Regions. For XCHANGEX Clients, all accounts are located in the XCHANGEX European Data Region, all Personal Data is processed in the EEA.
It has to be noted that XCHANGEX is a platform that offers buying, selling, and storing virtual currencies. Trading virtual currencies takes place on the blockchains (Ethereum, Bitcoin, etc.) which are decentralized database software platforms for virtual assets. Blockchains are a list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash of the previous block, a timestamp, and transaction data. By design, a blockchain is inherently resistant to modification of the data. Therefore Data cannot be modified or deleted, since there are no servers involved. Data is dispersed among computers all around the world in an encrypted version.
If you trade virtual currencies you agree that your Personal Data may be collected, stored, and processed and that you will not be able to delete it or invoke the right to be forgotten. Your data is encrypted, meaning it is coded (anonymized). Note that even encrypted personal data, e.g. your crypto wallet address with XCHANGEX, can still be traced back to a person if enough effort is put into it by experts or if someone holds the decryption key. By trading virtual assets via the XCHANGEX platform you expressly agree to place your Personal Data on the (public) blockchain, that this Data (even though encrypted) cannot be deleted, and that Personal Data may be transferred outside European territory.
You acknowledge and expressly agree that by the nature of the technology, it is not possible to delete personal data from the blockchain and invoke the right to be forgotten. You also agree that by the nature of the technology, it is not possible to keep personal data within the EU borders.
Processing in accordance with the General Data Protection Regulation
The processing of Personal Data is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25th, 2018, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and our processing will take place in accordance with the GDPR.
XCHANGEX processes Personal Data as a Controller, as defined in the Directive and the GDPR:
XCHANGEX, UAB, with which you as a User entered into an agreement when using XCHANGEX’s platform, will be the Controller for Users data, as outlined above in the “Collection of Users data” section 2.2.
For Clients data, as outlined in the “Collection of Clients data” section, XCHANGEX will be the Controller in accordance with GDPR. The client data shall be processed by a third-party Processor, Sum and Substance, to collect and process Clients data on behalf of XCHANGEX. Sum and Substance is an experienced identity verification company that will process Personal Data for the purposes of the necessary KYC/AML procedures. Sum and Substance will obtain and process clients’ name, surname, address, residency, date and place of birth, ID number, picture, email, phone number, utility bill, and other personal information. Sum and Substance is a certified ID verification company having sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject.
XCHANGEX has data processing agreements in place with its providers, ensuring compliance with GDPR. All hosting is performed in accordance with the highest security regulations. All internal transfers of data are done in accordance with this data processing agreement.
XCHANGEX adheres to the Directive of 1995 and the GDPR from May 25th, 2018. Consequently, XCHANGEX processes all data provided by its Users with accounts in its European Data Region, in the European Union, EGS, and Switzerland only.
3. Retention and deletion of Personal Information
XCHANGEX will not retain data longer than is necessary to fulfill the purposes for which it was obtained or as required by applicable laws or regulations.
XCHANGEX is required to comply with Law VIII-275 Republic of Lithuania on the Prevention of Money Laundering and Terrorist Financing, which requires XCHANGEX to store Personal Data for eight years from the date of termination of the business relationships with the Client.
Users and clients can request a list of their personal data. If you wish to obtain such data, send an e-mail to email@example.com. You will receive the list within one month of XCHANGEX receiving your request.
4. Acceptance of these Conditions
In case of a change in the types or purpose or processing procedure of your personal data, XCHANGEX will ask for your consent if required by EU and national regulations.
5. Legal Obligations to Disclose Personal Information
5.1 Disclosure to prevent damage and disclosure to legal authorities
We will reveal a client’s personal information without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact, or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to XCHANGEX or to others who could be harmed by the client’s activities, or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal information when we have good reason to believe that this is legally required and when the competent authorities have required us to present them with such Personal Information.
6. Data Protection Officer
XCHANGEX has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following email: firstname.lastname@example.org
7. Security of Personal Information
We use a variety of security measures to ensure the confidentiality, integrity, availability, and privacy of your Personal Information and to protect your Personal Information from loss, theft, unauthorized access, misuse, alteration or destruction. These security measures include, among others:
- Password-protected directories and databases.
- Secure Sockets Layer (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely.
- Vulnerability Scanning to actively protect our servers from hackers and other vulnerabilities.
- Regular penetration testing.
- Secure coding principles.
- Encryption of sensitive data during transfer and at rest.
- 2-factor authentication.
- Logging of activities performed in the platform.
- Access controls.
- Other measures to mitigate risks identified during the risk assessment process.
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorized XCHANGEX personnel are permitted access to your Personal Information, and these personnel are required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
8. Access right to your personal information
You have the right to access your Personal Information to correct, update, and block inaccurate and/or incorrect data. To exercise this right, contact us at email@example.com.
9. Information, Complaints and Contact Information
If you have any further questions regarding the data XCHANGEX collects, or how we use it, then please feel free to contact us by email at: firstname.lastname@example.org
All personal data are processed in accordance with the General Data Protection Regulation (EU) 2016/679, Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts.
You have a right to lodge a complaint with a supervisory authority to enforce your rights, as specified above. You can find out how to do this at the State Data Protection Inspectorate (VDAI) https://vdai.lrv.lt/en/ or European Data Protection Supervisor https://edps.europa.eu/.