About this Policy
This Policy explains our practices with respect to the Personal Data we collect and process in connection with your relationship with us, including as a director, officer, employee, job applicant, agency worker, intern, agent, contractor, supplier, consultant, third party representative, business partner, sponsor or as a user of our website or social media page.
Your Personal Data
We may collect Personal Data from you and about you from a variety of sources. This includes, but is not limited to:
through business relationships that you or your organization maintain with us;
through your employment relationship or application for employment with us;
information we gather from third parties, including government agencies, credit agencies and KYC due diligence platforms;
through “cookies” on our website; and
through publicly-available sources, including websites, social media, public forums and public databases.
The Personal Data we collect from you and about you includes, but is not limited to:
identity data, such as first name, last name, citizenship, gender, national identification card / number and passport details, and photograph;
contact information, such as your name, email address and phone numbers,
financial and payment-related data, such as bank account details, particularly in relation to our payment related functions;
your background, such educational history, knowledge, skill and abilities, professional and other work-related licences, permits and certifications held, work history and experiences;
your IP or server IP address, basic domain information, internet service provider, the date, time and duration of your visit to our website;
records of your communications with us; and
any other information of a similar nature that is necessary for us to manage our working relationship or that is otherwise necessary for the purposes described in this Policy.
In addition, we use “cookies” on our Website to track website visitorship, usage and experience, which are small data files containing information you have supplied yourself, which will assist us in improving your experience and navigation in the Website, and may enable features in the Website to fully function. If you do not wish to receive any cookies, you may set your browser to disable it.
We strive to only collect Personal Data that is adequate, relevant, and limited to achieve the purpose(s) for which it was collected. In addition, we strive to keep all Personal Data accurate, complete, and reliable for its intended purpose, and we only retain your Personal Data for as long as necessary to achieve the purpose(s) for which it was collected.
If you do not provide your Personal Data (including by disabling cookies), you may do so but we may not be able to: (a) communicate with you; (b) process your requests; (c) provide to you the services that you may require, or (d) enable all features in the Website to function.
How we use your Personal Data
We may use and process your Personal Data in accordance with applicable law for different purposes, including:
to carry out our business with you or the business with which you are associated, including negotiation, execution and management of contracts;
communicating with you to support our relationship with you and the business with which you are associated, including providing customer or technical support services, and accounting and billing services;
contacting the persons you have provided the Personal Data of, such as emergency contacts, verification and identification, general administrative and record-keeping;
to support our marketing, product and service development activities and recruiting;
conducting investigations and providing information to regulatory and governmental authorities for compliance with statutory and government requirements;
for compliance with the law and such other purposes that are required or permitted by any laws, regulations, guidelines or circulars;
legal proceedings or anticipated legal proceedings; establishing, exercising or defending our rights;
complying with health and safety legislation, to protect the vital interests (e.g. life, death, health or security) of another person;
to analyse the use of our website by you in order to develop and enhance the services we may provide to you and the business with which you are associated; and
general business and operational support.
Storage and disclosure of your Personal Data
The Personal Data we have collected from you may be recorded and stored in digital or electronic format and physical copies. Digital and electronic copies of your Personal Data are stored in our servers, while physical copies are stored in secured cabinets within the offices of our operations department and/or relevant department. Access to information is limited to our operations and relevant department personnel, to the extent that they require your Personal Data for the relevant purposes.
Generally, we may disclose your Personal Data to third parties as follows:
- We may share your Personal Data with our affiliated companies.
- We may share your Personal Data with third parties when you ask us to do so or for purposes related to the services we render to, the transactions we carry out with or the business functions we perform for you.
- We may share your Personal Data with our contracted service providers, suppliers and third-party processors, such as third-party accounting and HR service providers acting on our behalf and under our instructions. These providers are authorised to use your Personal Data only as necessary to provide us with their services.
- We may share your Personal Data as we deem necessary for other business purposes in accordance with applicable law.
We will not sell your Personal Data to any third parties, whether for monetary or other valuable consideration, and have never done so in the past. If we disclose your Personal Data as outlined above, we do so to facilitate the relevant services or our employment relationship with you and not for direct remuneration. Where we engage any service provider that will require access to and use of Personal Data to provide certain services for and under our instructions, we take reasonable steps to ensure such service provider complies with applicable data protection and privacy laws.
We, however, reserve the right to disclose your Personal Data if required to do so by law, in the good faith belief that such action is reasonably necessary to comply with applicable law, legal process, or to protect the rights, property, or safety of Xenith IG, its employees, customers, or the public.
Cross-border transfer of your Personal Data
Considering the global reach of our business, we may transfer your Personal Data between our affiliated companies in different regions, including locations where the data privacy legislation may differ from that in your country or jurisdiction. In addition, we may transfer your Personal Data to certain other third parties, as outlined in paragraph 4 above, to a region where the data privacy legislation may differ from that in your country or jurisdiction.
However, in transferring your Personal Data outside the country, we will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring your Personal Data. We shall implement safeguards required under applicable laws and regulations when transferring your Personal Data, including measures to ensure that your Personal Data is protected to an equivalent level of protection to the laws of your country or jurisdiction where necessary.
Legal bases for processing your Personal Data
We process your Personal Data for, or based on, one or more legal bases as set out under applicable laws, including:
- Your Consent: We process your Personal Data in accordance with the consent you have given us. You may withdraw your consent at any time.
- Performance of a Contract: We may use your Personal Data to enter into, or perform under, the agreement between us and you or the business with which you are associated.
- Legitimate Interests: We may use your Personal Data for our legitimate interests, including improving our services; providing information about our products and/or services; preventing and detecting fraud; ensuring network and information security; and for administrative and legal compliance purposes.
- Public Interests and Protection of individuals: We may use your Personal Data where necessary for the public interest, or otherwise to protect you and other individuals from certain harm or to protect your vital interests.
- Compliance with Legal Obligations: We may use your Personal Data to comply with applicable law and our legal obligations.
How we protect your Personal Data
We employ reasonable and appropriate physical, technical, and organisational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of your Personal Data. These safeguards include: (i) the encryption of personal information where we deem appropriate; (ii) the deployment of technical safeguards; (iii) taking steps to ensure Personal Data is backed up and remains available in the event of a security incident; and (iv) periodic testing, assessment and evaluation of the effectiveness of our safeguards.
However, no method of safeguarding information is completely secure. While we use measures designed to protect your Personal Data, we, unfortunately, cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that internet data transmission is not always secure, and we cannot warrant that the information you transmit to us is or will be secure.
How long we retain your Personal Data
We retain your Personal Data for only as long as necessary to carry out the processing activities described in this Policy, including but not limited to: (i) provide services to you or to the business with which you are associated; (ii) enter into or perform contracts with you or with the business with which you are associated; (iii) comply with applicable laws, regulations, rules, and requests of relevant law enforcement and/or other governmental agencies; and (iv) protect our rights, property, or safety, and the rights, property, and safety of our customers, users, and other third parties.
Depending on applicable laws, you may be entitled to a variety of legal rights regarding the collection and processing of your Personal Data. These rights may include:
- the right to know whether, and for what purposes, we process Personal Data;
- the right to be informed about the Personal Data we collect or process about you;
- the right to learn the source of the Personal Data about you that we process;
- the right to access, modify or correct Personal Data about you;
- the right to know with whom we have shared your Personal Data, for what purpose, and what Personal Data has been shared;
- where the processing of Personal Data is based on your consent, the right to withdraw your consent to such processing for one or more of the purposes stated in this Policy;
- the right to request the review, update, deletion or removal of certain Personal Data we process about you; and
- the right to lodge a complaint with a regulator, including relevant supervisory authorities, located in the jurisdiction of your residence, place of work or where an alleged violation of law occurred.
You may exercise these rights, to the extent they apply to you, by contacting us as outlined in the “Contact us” section in paragraph 11 below. We will endeavour to respond to a valid request relating to your rights within one month of receipt, or within three months where a request is complex or challenging.
Changes to this Policy
We reserve the right to change the terms of this Policy at any time. If we do make changes, though, we will take steps to indicate that the Policy has been updated on our website.
If you have any query or complaint about this Policy, or would like to submit a request regarding your Personal Data or exercise your rights, you may at any time contact our Legal and Compliance Department at email@example.com.