EFFECTIVE DATE: May 8, 2023
WHAT IS THE PURPOSE OF THIS PRIVACY NOTICE?

Xpansiv Limited and each of its subsidiaries and affiliates (collectively known as ’Xpansiv’, ‘we’ and ‘us’) are committed to protecting the privacy and security of your personal information. The purpose of this privacy notice is to explain how we process your personal information so that you understand what we do with it, who we share it with and your rights in connection with that data. The processing we undertake may include the collection, storage, modification, access or destruction of personal information, and may be completed manually or through automatic means.

Personal information (also referred to as ‘personal data’ or ‘data’) means any information that can be used to identify you, your device, or, if you live in California, your household. This includes direct identifiers such as your name and contact details, but also indirect identifiers such as data that we may collect from the electronic device that you use to access our services.

In the European Union, United Kingdom and other jurisdictions with laws governing the collection and use of personal information, Xpansiv is referred to as a “data controller”. This means we are responsible for deciding how we hold and use personal information about you.

If you have any questions about this notice, after reading it, we encourage you to contact our Data Protection Officer, whose details can be found below.

WHO DOES THIS PRIVACY NOTICE APPLY TO?

This notice applies to you if you have any of the following relationships with us:

  • Corporate Representatives – anyone who is a representative of any of our corporate customers (e.g. an employee, director or trustee) or users of our services.
  • Web Visitors – anyone who visits our websites, applications or social media pages or interacts with us via third party websites.
  • Candidates – anyone who is applying for a position with us, including as a contractor or consultant.
  • Communicators –Anyone who corresponds with us by post, email, social media or any other method.
  • Third party customers – anyone who is a customer of a third party and we have a relationship with that third party.
  • Subscribers – anyone who subscribes to receive communications from us.
  • Suppliers – anyone who provides services to us or are employed by a company that provides services to us.
WHAT PERSONAL DATA DO WE COLLECT?

As part of your use of your Xpansiv-provided services and your use of our websites, we may collect the following types of personal data:

  • Contact Data –your e-mail address, telephone numbers, billing and delivery addresses.
  • Identity Data – data used to verify your identity, including, first name, maiden name, last name, date of birth, nationality, country of residence/domicile, social security number (if applicable), documents required for anti-money laundering checks and monitoring (including a copy of your passport or national identity card containing a photograph, documents to verify your address and if applicable law permits, documents required to conduct credit checks), and other details as necessary to enable us to meet applicable laws and regulations, including fulfilling regulatory reporting requirements.
  • Profile Data – professional information from you such as job title, career history, trading experience, qualifications and memberships of professional bodies, business relationships and credentials that allow you to access our services, including your user ID, password and memorable information.
  • Marketing and Communications Data – Records of any communications between you and us, including your preferences in receiving marketing from us and your communications preferences via email, our websites, telephone, social media or any other method as well as social media account information and personal information collected from social medial accounts.
  • Technical Data – your Internet (IP) address, cookies, activity logs related to interactions with our systems, online identifiers, device type, browser type, operating system, unique device identifiers and geo-location data.
  • Transaction Data – details about payments from you and other details of matters on which you have instructed us and/or products and services you have purchased from or sell through us.
  • Usage Data – details on your usage of our systems, the information you select, logs of when you access services and for how long, what content you access, and what content you download
  • Financial data – to assist with facilitating various types of transactions, we may have specific financial data including but not limited to banking account information and credit card details.

We may collect, process and share aggregated, anonymized, or de-identified information, including location data for certain services which may identify country, city or state data and/or latitude-longitude, and such information will not constitute your personal data. 

In compliance with applicable law, Xpansiv hereby states that it does not currently read, recognize or respond to Do Not Track signals received from browsers.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We use various methods to collect data from and about you including through:

Direct interactions. You may give us your identity, contact and job and career data by giving us business cards in hard or electronic copy, by filling in forms, applying for a job or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • instruct us to provide you with services;
  • engage with us in the course of transactions in which we are involved professionally;
  • become a professional contact;
  • complete surveys or forms we use for compliance or research purposes;
  • enquire about the services we provide;
  • use our websites, trading platforms or other services we provide;
  • meet with us at business events organised by us or by third parties;
  • lodge a complaint;
  • subscribe to our publications; or
  • request information to be sent to you.

Automated technologies or interactions. As you interact with our websites, applications or platforms, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy at https://xpansiv.com/cookie-policy/

 

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

  • Technical Data from analytics providers;
  • Identity and contact data from publicly availably sources;
  • Identity, contact and profile data from social media including LinkedIn; and
  • Professional intermediaries.
HOW DO WE USE PERSONAL DATA?

We will only use your personal information as permissible by law. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to register you as a new customer;
  • Where we need to enter into or perform the contract we have entered into with you;
  • Where we need to comply with a legal obligation;
  • Where it is necessary for our legitimate business interests; or
  • Where we have obtained your consent.

We may also use your personal information to protect your (or someone else’s) vital interests or if it is in the public interest. These situations are likely to be rare.

More specifically, we use the personal information for the following purposes and as otherwise described in this privacy notice or at the time of collection:

Purpose/Activity Type of Data Lawful Basis for Processing Including Basis of Legitimate Interest
To register you as a new
customer and open an account with us To allow us to conduct KYC on new customers, their representatives, officers, shareholders and/or ultimate beneficial owners
(a) Identity
(b) Contact
Entering into and/or performance of a contract with youNecessary to comply with a legal obligationNecessary for our legitimate interests (to complete our KYC procedure in line with our corporate risk profile)
To allow you to transact with other customers/participants To support you in completing Know Your Customer (KYC) procedures of potential counterparties with which you may enter contracts To support you in finalizing with other counterparties contracts that were agreed via our services (a) Identity
(b) Contact
Entering into and/or performance of a contract with youNecessary for our customers’ legitimate interests (to complete their KYC procedures)Necessary for our customers’ legitimate interests (to allow you to transact with other customers)Valid consent given by you
To carry out instructions from you or in which you are professionally involved, including in providing support in relation to our trading platforms and services. (a) Identity
(b) Contact
(c) Transaction
(d) Marketing and Communications
Entering into and/or performance of a contract with youNecessary for our legitimate interests (to maintain our records and to enable us to secure repeat business from you)
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policyAsking you to provide
feedback on our services
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
Performance of a contract with youNecessary to comply with a legal obligationNecessary for our legitimate interests (to keep our records updated and to review quality of our services).  
To manage, monitor, administer and operate our business, platforms and websites (including troubleshooting, data analysis, archiving, testing, system maintenance, support, reporting, security, hosting of data, billing and payment administration) (a) Identity
(b) Contact
(c) Technical
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation)Necessary to comply with a legal obligation
To deliver relevant website content to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
Necessary for our legitimate interests (to understand how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)Valid consent given by you
To use data analytics to improve our websites, products/services, marketing, client relationships and experiences (a) Technical
(b) Usage
Necessary for our legitimate interests (to define types of customer for our products and services, to keep our websites updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about products and services that may be of interest to you              (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
Necessary for our legitimate interests (to develop our products/services and grow our business). Valid consent given by you
To meet our record keeping obligations (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile        
Necessary to comply with legal obligations and for our legitimate interests in considering we can provide our assistance for you in the future
To manage risk, identify issues for our business and report on those internally Any Personal data we collect under this notice Necessary for our legitimate interests to develop and nurture opportunities and to deliver better services to our customers
To comply with applicable law and regulation that may relate to anti-money laundering, terrorist financing and the prevention and detection of unlawful acts and criminal activity including fraud Any Personal data we collect under this notice Necessary to comply with legal obligations
To comply with legal and regulatory requests or demands from appropriate regulatory, public safety, law enforcement, taxation or governmental entities Any Personal data we collect under this notice Necessary to comply with legal obligations
To communicate with you and maintain records of those communications, including telephone conversations (a) Identity
(b) Contact
(c) Marketing and   communications
Necessary for our legitimate interests (to manage our relationship), with your valid consent and to comply with legal obligations   (b)     Valid consent given by you .
To manage and protect our business and to enforce our legal rights, including conducting audits and risk assessments and establishing, enforcing and defending legal claims including debt recovery or debt tracing Any Personal data we collect under this notice Necessary to comply with legal obligations and for our legitimate interests to protect our business and interests
To market our products and services that we think may be of interest to you on behalf of Xpansiv affiliates (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
Necessary for our legitimate interests (to develop our products/services and grow our business) and with your valid consent (b)     Valid consent given by you .
To train our staff so we can maintain our quality of services Any Personal data we collect under this notice Necessary for our legitimate interests to deliver better services to our customers
To ensure we have adequate security measures and services Any Personal data we collect under this notice Necessary for our legitimate interests (to make sure we can safely access our websites, applications and platforms) and to comply with our legal obligations  
To run competitions and special offers and (a) Identity
(b) Contact
(c) Profile
Necessary for our legitimate interests (to make sure you get all the benefits due to you) and with your valid consent  
To enhance our products and services, which involves analysis of client preferences, transactions and market trends, market research,  testing new systems and upgrading new systems and evaluating the effectiveness of our marketing   Necessary for our legitimate interests (to develop our products/services and grow our business)
To process payments to customers via bank transfer or take credit card payments from customers (a) Identity
(b) Contact
(c) Financial
Necessary for our legitimate interests (to carry out the services we have agreed to provide to you) and to perform our contract with you
Making a decision about your recruitment or appointment. (A job applicant’s name, email address and CV are collected in order to consider them for a job vacancy). (a) Identity
(b) Contact
(c) Profile
Necessary for our legitimate interests Entering into or performing a contract with you  
Determining the terms on which you work for us (a) Identity
(b) Contact
(c) Profile
Necessary for our legitimate interestsEntering into or performing a contract with you  
Checking that you are legally entitled to work in the relevant jurisdiction (a) Identity
(b) Contact
Necessary to comply with a legal obligationEntering into or performing a contract with you  
For SRECTrade only, to provide you with autodialed or prerecorded calls and text messages to tell you about our products, services and to provide service updates (a) Identity
(b) Contact
(c) Profile
Valid consent given by you

In some of the above ground for processing we may have several lawful grounds for using personal information, for example, to meet our legal obligations and ensure appropriate documentation of compliance, to fulfill l our rights or obligations under a contract, or to establish, exercise or defend our legal claims.

We may occasionally ask an individual for specific consent to process their personal data.

If we do seek your consent, you can withdraw it at any time but please note that this does not affect the lawfulness of our processing of your data carried out with your consent before the withdrawal. If you withdraw your consent, we may not be able to provide you with certain products and services or process certain transactions.

Sensitive Data. In some countries, applicable law may consider certain types of personal data we may collect that may be considered sensitive in nature and therefore may require additional protection. These types of data include:

Children’s Data. Our services are not directed to children under the age of 18 and so we do not knowingly collect or retain personal data from such persons. If we learn that we have collected personal data from persons under 13 years of age we will immediately delete that information. If you access our websites from the UK or EU/EEA or if you access an EU/EEA website, the age limit will be 16.

Criminal Convictions. We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.

We will only collect information about criminal convictions when opening an account with us or related to certain roles if seeking employment if it is appropriate (a) given the requirements of the business transaction; (b) where you have voluntarily provided us with such information or such information is publicly available; and (c) where we are legally able to do so.


WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?

We may share your personal information with Xpansiv affiliates, service providers or other third parties for various purposes including to achieve our business objectives and to comply with applicable law. We have agreements in place with those third parties requiring them to protect your personal information, comply with applicable data protections laws, and only use your personal information for the purpose specified in their contracts with us.

We may disclose your personal information to the following parties to achieve our own purposes but under no circumstances do we license, sell, trade, or lend any personal information for money or other valuable consideration:

  • Xpansiv affiliates to facilitate our operations business, services and products;
  • Service providers such as cloud service providers like Amazon Web Services and Microsoft Azure, telecommunications providers, sales and marketing administration services, data analytics and search engines providers, courier services, banking services and payment processors;
  • Credit references agencies for us undertaking ‘KYC’ checks if you apply to become a customer, certain employment roles, or as otherwise as permitted by applicable law;
  • Third parties acting on your behalf such as financial institutions if you seek credit from them, introducing brokers, trustees, attorneys or any persons carrying out a similar administrative function;
  • Regulators, governmental authorities and law enforcement agencies to cooperate fully with state, local, federal, and international legal, governmental and regulatory entities, authorities, courts and officials in any investigation or governmental, legal or regulatory proceeding or process;
  • Professional advisors including accountants, financial advisors, lawyers and other professional advisors to support auditing, compliance and corporate governance functions;
  • Prospective purchasers or transferees if our business, or part of it, may be or is sold or reorganized; and
  • Other customers if necessary to facilitate the execution and/or settlement of a transaction, entry into a contract or some other services as requested by you.
INTERNATIONAL TRANSFERS

We may process information collected from or about you in any country in which we operate in accordance with applicable law. We put in place appropriate procedures and safeguards (including but not limited to signing standard contractual clauses) in accordance with applicable legal requirements when data is transferred, stored and processed in a country that is not regarded as ensuring an adequate level of protection for information under applicable law (such as those in the United Kingdom and European Union).

THIRD-PARTY LINKS

Our websites and platforms may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our websites, we encourage you to read the privacy notice of every website you visit.

COOKIES

We use cookies to store and collect information about your use of our websites. For more information, please see our Cookies Policy which is available on our website here: xpansiv.com/cookie-policy/.

YOUR PRIVACY RIGHTS

You may have certain rights regarding your personal information depending on your country of residence.

If you are based in the United Kingdom, European Union and certain other countries your privacy rights may include the right to:

  • Access – request a copy of the personal information we hold about you.
  • Rectification – request any inaccuracies in the data we hold about you be changed.
  • Erasure (right to be forgotten) – request the deletion or removal of personal information in certain circumstances.
  • Restriction – request that we restrict use of your personal data in certain circumstances.
  • Object – object to certain ways that we process your data.
  • Data Portability – request that your data be shared with a third party.
  • Withdraw your consent – where we are relying on your consent that can be withdrawn at any time.
  • Complaints – you may be entitled to lodge a complaint with us or your local data protection authority.

If you are based in California, you may have certain rights with respect to your personal information, these include the right to:

  • Information about the personal information that we collect about you and the manner in which we use, process and disclose that information;
  • Obtain the specific pieces of personal information that we have collected about you;
  • correct inaccurate personal information that we maintain about you;
  • Delete certain personal information that we have collected about you;
  • Opt-out of the sale or sharing of your personal information to third parties under certain circumstances;
  • Not be discriminated against as a result of exercising any of the aforementioned rights;
  • request certain information regarding the disclosure of Personal Information during the past twelve (12) months to third parties for their own direct marketing purposes (pursuant to California’s “Shine the Light” law).

You will not normally have to pay a fee to access your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if we consider that your request for access is clearly unfounded or excessive.

Please note that some of your rights are not absolute and there may be certain circumstances where we are unable to fulfil a request that you have made. In some circumstances we may also require that you provide additional personal information to confirm your identity.

AUTOMATED DECISION MAKING

Xpansiv may use automated analytics to identify individuals who would be most interested in our products and services, which may result in you being contacted by us.

DATA RETENTION

Xpansiv retains your personal information for as long as Xpansiv has an ongoing commercial relationship with you, as a prospect or customer or where required, in order to comply with applicable legal and regulatory requirements (including responding to enquiries from governmental bodies and establishing, exercising or defending legal claims, disputes or complaints).

DATA SECURITY

Xpansiv follows generally accepted industry standards to protect information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards and other reasonable security measures to protect personal information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal information in our possession. This includes, for example, the use of firewalls, encryption, password protection and other access, authentication and authorization controls.

Please be aware that, despite our ongoing efforts, no security measures are perfect or impenetrable. In addition, we are not responsible for the security of information that you transmit to us over networks that we do not control, including internet and wireless networks.

UPDATES TO THIS PRIVACY NOTICE

We may update this privacy notice from time to time. When we do, we will notify you of the changes by updating the date of the privacy notice and posting the revised version on our websites and providing such other notice as may be required by law.

CONTACT DETAILS

If you have any comments or questions about how we process your data or wish to exercise any of your rights, please contact us by post or by email at [email protected]:

Data Protection Officer
Xpansiv
345 California Street, Suite 700
San Francisco, CA 94104

Please note that we may need to verify your identity (and your rights to your personal information) before responding to any requests or queries.