Date of the latest revision: 10 June 2024.
1. Introduction
1. To provide our services, we collect and process personal data about you. This Privacy Policy explains how we collect, use, and protect your personal data when you access or use Xnvia services. It also outlines your rights regarding your personal data.
This policy covers the processing of personal data of our customers (or, in other words, the users of the Xnvias’ services) and website visitors. Personal data refers to all data that relates to an identifiable individual. Such data includes for example name, contact information and trade history on the platform.
This policy applies to personal data we process or that is processed on our behalf (in other words, the processing for which we are the controller). Please note that our website and services contain links to third party websites or elements provided by third parties (for example an embedded video player). These third parties also process your personal data, either on our behalf (in other words, they are data processors) or for their own purposes. More information on where we disclose your data to, is available from chapter 3 of this policy.
We will update this policy from time to time to keep the information in this policy up-to-date as we develop our operations and services. You can always find the latest version of this policy on our website. We will notify you of any significant changes by email and/or through our website. If you have any questions regarding this policy, our contact Support.
Information security is paramount to Xnvia, and we use a variety of technical and organisational measures and strict best practices to protect all personal data and other data we process.
2. Your personal data and why we use it
1. We process personal data for the following reasons:
• to provide our services to our users, including ensuring their security;2. The data we process can be divided into the following categories:
• personal identification data and contact data, including3. We process your personal data based on one of the following legal bases, depending on the circumstances:
• performance of a contract to which you as a data subject are a party to;More detailed information about the purposes is available below.
3. Providing Xnvia services
1. We process personal data to provide our services and to enable trading of cryptocurrencies. This includes the core functionalities of the services, the escrow protection and for example the affiliate program of our peer-to-peer model. Some of the personal data is also used to develop the service, for example through statistical data on the most popular features.
2. The data processed for this purpose is primarily collected from the users themselves, either when signing up for the services or for example when submitting new trades or making transactions on the services. Some data is collected from the use of the services, including logs and some trade data (such as timestamps). Some data is provided by other users, such as feedback after a transaction.
3. The personal data used for these purposes includes:
• personal identification data and contact data (name, username, email address etc.)4. The legal bases for this processing are the performance of a contract (with our customers) and the legitimate interests of Xnvia (to ensure the security of the service and to prevent fraudulent use of the service).
5. Please also note that you have the option to post some data publicly when using our services. This may be for example through optional fields on your profile or interactions on public boards. You have control over which data you choose to include and remove, but please note that you should not post any data you consider private, and we urge you to consider that such data may be indexed by search engines or otherwise be processed by others outside our services.
4. Complying with our legal obligations
1. We process personal data to comply with our legal obligations in accordance with applicable legislation and orders of competent authorities. We have legal obligations to for example identify our customers and to prevent money laundering and financing of terrorism. We also have a legal obligation to disclose some data to the authorities if ordered to do so.
2. This data is partly collected from the users themselves (such as formal identification data and biometric data) and partly from the use of our service (such as some data about the transactions).
3. The data used for these purposes includes:
• personal identification data and contact data, including4. This data is processed on the basis of our legal obligations. These obligations relate primarily to the know-your-customer and anti-money laundering and anti-terrorism financing legislation. Biometric data may also be processed on the basis of the processing being necessary for reasons of substantial public interest (including but not limited to preventing money laundering, terrorist financing and fraud). In some cases, we may also ask for your consent to the processing of biometric data.
5. Communicating with our customers and marketing our services
1. We use personal data to communicate with our customers in a variety of ways. These include for example notifications sent through the services, updates about the services and other marketing communications. We also use advertising services to target advertising for potential customers.
2. This data is partly collected from the users themselves (such as contact data) and partly through an analytics service provider and the use of our website.
3. The data used for these purposes includes:
• contact data (e-mail address, phone number);4. We process your personal data based on our legitimate interests in communicating about our services, fulfilling our contractual obligations to provide you with trade notifications and other service-related updates, and obtaining your consent for marketing communications and targeted advertising.
6. Disclosing Your Personal Data to Others
1. For Xnvia to be able to offer its services, we use certain third-party service providers to help us run our service. These include hosting providers and other technical service providers which allow us to monitor the status of our service and to send you email notifications. We also use third-party services to protect the security of the website and to filter malicious traffic, and to generate statistics about the use of our website and to target advertising.
2. We may use third-party ID service providers to verify the identity of our customers. These companies verify the identity based on formal identification proof, such as a passport.
3. In addition, we disclose personal data to authorities in cases where we have a regulatory obligation to do so. The content and recipient of these disclosures varies from case to case, but such disclosures are based on a regulatory obligation or a binding order by the authorities.
7. How long is your data processed?
1. We maintain your personal data for as long as is necessary to provide our services or as required by law. The retention periods vary depending on the type of data, the purpose of processing, and applicable laws. For specific data categories, we adhere to the storage principles and timeframes outlined below. Please be aware that in certain instances, data may be retained for longer durations, such as to resolve customer support inquiries, conduct audits, or comply with legal obligations. You have the option to delete certain data from your user account yourself.
2. Please also note that all data included in the blockchain will remain publicly available on the blockchain. This is due to the nature of the blockchain technology and is not controlled by us.
8. Account and transaction data
1. Typically, we retain account and transaction data for the duration of your active account and for five years subsequent to account deletion if transactions have been conducted. Your public profile and any associated advertisements will be concealed 14 days following deletion and thoroughly eradicated within the five-year timeframe.
2. If you have not conducted any transactions, your account and related data will be deleted 14 days after the deletion request.
9. Technical data
Individually identifiable analytics data related to our services is purged within 14 days following a deletion request. Notification data may be retained for extended periods, but not exceeding 13 months. The duration of log storage may differ, yet Xnvia will maintain logs solely for the timespan deemed essential.
10. Transfers of data outside the EU
1. Xnvia hosts its services in the European Union and your personal data is primarily processed on our secure servers within the European Union.
2. We may transmit personal data to parties outside the European Union, if one of our Processors or Controllers is established outside the European Union. This is the case for example in cases where you are a resident of a non-EU country and we are obligated to disclose data to your local authorities.
11. Your rights
If your personal data is processed, you have privacy rights and, of course, Xnvia respects these. More specifically, you have the right of access, deletion and rectification of personal data, objection to processing of personal data, restriction of processing of personal data and the right of data portability. You can exercise your right by contacting Support. We may ask you to provide further information in order to determine your identity first, to ensure that no one else is trying to execute your privacy rights.
Xnvia will respond to your request as quickly as possible, although this can take up to one month. If more time is required to complete your request, Xnvia will let you know how much longer is needed and the reasons for the delay.
The above rights are not always absolute, and sometimes we may have pressing interests or a legal obligation to deny your request. In such case, we will explain to you our reason for denying your request.
12. Contact and questions about this Privacy Policy?
If you have any questions about this Privacy Policy, your rights or our data processing practices in general, you can contact Support.