Version: 1.5

Effective from: 24.05.2023

1. General

This Privacy Policy informs You regarding xpate LTD policy regarding the collection, use, and disclosure of personal data when You use the Company’s service and the choices You have associated with that data.

Definitions:

• Policy – this Privacy Policy of xpate LTD
• Company, we, us, our – xpate LTD, incorporated in England (registration number 11920779, registered address: Level 18, 40 Bank Street, Canary Wharf, London, England, E14 5NR)
• UK GDPR – UK General Data Protection Regulation
• EU GDPR – EU General Data Protection Regulation
• You, Your – an identified or identifiable individual (i.e. a Data Subject as defined in the UK GDPR, EU GDPR, UK Data Protection Act 2018 as applicable) who is applying, accessing or using xpate services either on his or her own account or on behalf of a corporate entity. This includes an individual acting as an existing customer or as a prospective customer of xpate, or an individual acting on behalf of a corporate entity, including any principals (managing and financial directors, other directors and officers, shareholders, partners and beneficial owners of the corporate entity), as well as any member of staff or an employee accessing or using xpate services on behalf of a corporate entity.
• EEA – European Economic Area
• Websites – the xpate website at www.xpate.com and other websites of xpate products and services
• xpate group – the group of companies affiliated or otherwise partnered with xpate LTD

xpate LTD is a personal data Controller as defined in the UK GDPR, the UK Data Protection Act 2018 and EU GDPR. Company is entitled to process and to contract a processor to process personal data of Data Subjects on behalf of Company.

Company’s customers’ personal data security is the first priority for Company, and the Company fully complies with all the applicable laws and regulations. This Policy applies to the personal data processing activities of xpate LTD. Your personal data may be transferred to and processed at a destination outside the United Kingdom and the EEA including countries that have different data protection rules than Your country. It may also be processed by Company’s staff or staff of xpate’s service providers operating outside the United Kingdom and the EEA. By using xpate products and services and accepting this Policy, You consent to Your personal data being transferred to other countries.

For any inquires or additional information in relation to this Policy, please contact our Data Protection Officer at:

xpate LTD

Address: Level 18, 40 Bank Street, Canary Wharf, London, England, E14 5NR

E-mail: [email protected]

2. When do we collect information about You?

We collect and process personal data about You in various instances, including but not limited to the following:

• Registration and contact forms on Websites

If You wish to establish a business relationship with us, find out more about our services or if you have any other question for us, You may be asked or offered to fill out an electronic application or registration form on our Websites with your initial identity and contact information. We also collect Your electronic device information at that time.

• Website visits

When You visit xpate Websites, we collect information about Your activity with the help of cookies or equivalent technologies. Device information such as browser’s identifier, the Website’s visiting frequency, average time spent on the Website and viewed pages is collected. Such information is collected with the purpose of evaluating the attractiveness of our Websites and to improve their content and functionality.

Cookies are informational files that identify a computer or a mobile device that You use to access our Websites or use our services. We use both first party cookies (cookies for which the provider is xpate as the owner of Website domains) and third party cookies (cookies for which the provider is a third party such as one providing a service to xpate or conducting analytics or advertising activities). More information about the cookie files used by xpate can be found in xpate’s Cookie Policy.

• Entering Your account with xpate

When You enter your xpate online account as a customer, we may obtain personal data to identify You from other visitors of the Website. Data such as device and browser information are collected at that time.

• Using xpate services

We collect and process information about You while You are using our services, for example, by verifying Your identity, correcting Your contact details, managing Your payment details, processing Your payments, ensuring the security of Your account and our services.

• Communication with xpate

We collect information when You communicate to us via email, phone call, Live Chat, Websites and other means. We also process Your personal information when we are contacting You.

• Customer surveys

When You participate in our customer survey, we will store the involved personal information.

3. What information do we collect and from whom?

3.1.        Information You give us

You may give us information about Yourself when You use our services, contact us, or in other way. Please note that You are only allowed to provide Your own personal data when using the services unless legally authorised otherwise, for the services to be provided correctly.

We will be informing You regarding the specific data that is required for us to collect from You in accordance with the reasonable steps that need to be taken in the course of establishing a business relationship with You or providing a service that You wish to use. The data collected at each stage shall be proportionate to the services we provide to You and the data collection purposes at the time.

We may collect personal data from You directly in the course of establishing a business relationship or providing a service based on the following types of requirement:

• Legal requirement

This is a requirement that is placed on us by the applicable legislation. If You fail to provide this data category to us, it may prevent us from being able to enter into a business relationship with You or may force us to end our business relationship with You unilaterally.

• Requirement to enter into contract

This applies to personal data that is needed in order for us to enter into a business relationship with You. Your failure to provide this data category to us may prevent us from being able to enter into a business relationship with You.

• Contractual requirement

Personal data covered by this requirement ensures our ability to maintain our business relationship with You. Your failure to provide this data category may force us to end our business relationship with You unilaterally.

Depending on which Service You choose to use, this personal data will be:

---

Personal data category	Requirement for You to provide the personal data category to us
Contact- and identification information – name, date of birth, gender, national ID number, title, billing and shipping address, email address, mobile phone number, nationality, salary, employment and employment history, audio recordings, photos and video recordings of You and Your ID card, residential address proof documentation etc.	Legal requirement Requirement to enter into contract Contractual requirement
Payment information – credit and debit card data (card number, validity date, and CVV code), bank account number, e-wallet number etc.	Legal requirement Contractual requirement
Special categories of data – gender, biometric data (video, photo etc.)	Legal requirement Contractual requirement

You may, at Your sole discretion, choose to provide us with additional information about You which constitutes “special categories” of personal data according to the UK GDPR and the EU GDPR, including e.g. data revealing religious, political or philosophical beliefs, trade union membership, or data concerning health, sex life or sexual orientation. We will never require this additional information from You in order to provide You with our Services. Providing us with this additional information will be strictly voluntary and based on Your explicit consent. Please see sections 9 and 10.7 of the present Policy for information about how You can revoke Your consent.

You can at any time change Your profile information such as Your contact information and other editable settings. This can be done by contacting us.

3.2.        Information we collect about You from third parties

We may collect Your personal data in the course of establishing a business relationship or providing a service from or with the help of the categories of third parties listed below. Exactly which third parties are involved and for which purposes will depend on which service You use; therefore, collection of data from third parties is subject to section 4. Purpose and legal basis of personal data processing of the present Policy.

When we collect Your personal data from or via third parties, we take all reasonable contractual, legal, technical, and organisational measures to ensure that Your personal data is processed with an adequate level of protection and in accordance with applicable law. The data collected shall be proportionate to the services we provide to You and the data collection purposes at any given time.

• Suppliers and subcontractors that we use for the fulfillment of our commitments arising from the provision our services to You such as communications service providers, IT service providers, payment service providers and financial institutions when provision of our service to You requires involvement of such providers
• Outsourced service providers that we use for the provision of our services including but not limited to identity verification services, fraud prevention services, money laundering prevention services
• xpate group - Your information may be shared with companies within the xpate group, based on xpate’s legitimate interest to conduct its business.
• Third parties taking legal actions in connection with debt collection on our behalf (for instance, debt collectors, lawyers, court bailiffs, insolvency administrators and other persons acting in accordance with the applicable laws)
• Our legal, accounting and auditing service providers
• Government authorities and institutions, regulators, law enforcement bodies
• Government information systems such as population registers, state social insurance agencies etc. in accordance with the applicable legislation
• 3rd parties that You ask us to disclose or consent to us disclosing Your personal data to
• Your legal representative
• Social networks
• Public information sources

Depending on which services You choose to use, we may collect the following information about You in the course of the business reilationship, either ourselves or via third parties (for example, credit and fraud prevention agencies, products/services, or public databases):

• Contact and identification information – audio recordings, photos and video recordings of You and Your ID card etc.
• Biometric information – video, photo data of You that is collected during Your identity verification when using our services and may be processed via our specialized service providers
• Information on orders – details about the goods/services You purchase or order including, for example, type of goods or shipment tracking number
• Financial information – financial information collected from third parties such as Your income, potential credit commitments, negative payment remarks etc.
• Transaction information - xpate saves Your information such as transaction type, transaction amount, Your identifying information (such as IBAN, name, email, address) for the purpose of implementing Company’s services
• Information about the interaction between You and xpate – how You use the services, including information on outstanding and historical debts; technical data such as page response times, download errors, personal preferences; Your interactions with our customer service, etc.
• Recorded conversations – we record telephone conversations if You call our customer service and web-site chats, and sometimes when we call You, if we inform You about this at the start of the call.
• Device information – e.g. IP address, language settings, browser settings, time zone settings, operating system and platform and screen resolution.
• Information from external sanctions lists and PEP lists – we may screen Your information against lists of persons subject to sanctions, and lists of persons who are Politically Exposed Persons. These lists include information such as name, date of birth, place of birth, occupation or position and reason for being listed.
• Service-specific information – in order to provide You with some of our services we may collect and process additional personal data that is not covered by the above categories.

4. Purpose and legal basis of personal data processing

4.1.         General information on purpose

xpate must have a legal basis (a valid legal reason) for processing Your personal information A valid legal basis can be any of the following:

• Fulfil contractual obligations

We need certain personal information to provide our services and cannot provide them without this information.

• Comply with laws

In some cases, xpate have a legal responsibility to collect and store Your personal information (for example, under money-laundering laws we must hold certain information about our customers).

• Legitimate interests

xpate sometimes collect and use Your personal information, or share it with other organizations, because we or they have a legitimate reason to have it and this is reasonable when balanced against Your right to privacy.

• Consent

Where You've agreed to xpate collecting Your information, for example, by using xpate Websites or when You have ticked a box to indicate You are happy for us to use Your personal information in a certain way.

4.2.        What personal data do we process, for what purpose, and why is it lawful for us to do so?

Depending on which services You use, xpate may process Your personal data for the purposes listed below, based on the legal bases stated for each respective purpose.

Purpose of the processing	Personal data	Legal basis for the processing
Administer the customer relationship with You in different ways, for example to process Your payment	Contact- and identification information, payment information, information on goods/services, financial information, information about interaction between You and xpate, information about the interaction between You and products/services, device information, and service-specific information	Fulfill contractual obligations
Create and send information to You in electronic format (non-marketing)	Contact- and identification information, payment information, information on goods/services, financial information, information about interaction between You and xpate, device information, and service-specific information	Fulfill contractual obligations
Assess which is the most suitable way to contact You to inform You about outstanding matters	Contact- and identification information, financial information (if we have this available) and information about the interaction between You and xpate	xpate has a legitimate interest in being able to contact You in the most effective way We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose
Conduct customer satisfaction surveys regarding our Services (for example, after You have contacted xpate’s customer service) via email, sms, phone or through other means You can object to this at any time. You will also be informed about Your right to opt-out from these communications every time Your email or phone number is used for this purpose	Contact- and identification information, information on goods/services, information about interaction between You and xpate, and information about the interaction between You and products/services	xpate has a legitimate interest in conducting customer satisfaction surveys We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose
Carry out AML checks	Contact- and identification information, biometric information, financial information, information about interaction between You and xpate	Comply with laws
Prevent IT attacks (for example DDoS attacks) toward xpate’s services, as part of our efforts to keep our services safe and secure	Contact- and identification information, information about interaction between You and xpate, information about the interaction between You and products/services, as well as device information	xpate has a legitimate interest in keeping our Services safe and secure We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose
Improve our services, training and quality assurance, as well as documenting what has been discussed and decided between You and xpate	Recorded telephone conversations, web chat discussions	xpate has a legitimate interest in improving our services, and in conducting training and quality assurance We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose
Transfer Your data to products/services, suppliers and other recipients	All of the personal data categories under Section 3.	Varies depending on recipients, for example, xpate has a legitimate interest to use suppliers to provide its services, and we may have legal obligations to share data with authorities. Data sharing with payment service providers and international payment systems is necessary to carry out the payment contract with You
Carry out risk analysis, fraud prevention and risk management (for example, through verifying Your identity and carry out checks with fraud prevention agencies and similar agencies)	Contact- and identification information, biometric information, payment information, information on goods/services, financial information, information about interaction between You and xpate, information about the interaction between You and the products/services, special categories of personal data and device information	xpate and other parties (foremost, our customers) have a legitimate interest in risk management of xpate’s business, for example, handling fraud risk We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose xpate also has a legal obligation to establish its customers’ identities Special categories of data are processed based on Your explicit consent.
Perform debt collection services, i.e. to collect and sell debt	Contact- and identification information, information on goods/services, financial information, information about interaction between You and xpate, information about the interaction between You and the products/services	xpate has a legitimate interest in collecting and selling debt We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose

Product improvement and research

Purpose of the processing	Personal data	Legal basis for the processing
Anonymise Your personal data for product development in order to analyse customer behaviour	Contact- and identification information, payment information, information on goods/services, financial information, information about interaction between You and xpate, information about the interaction between You and the products/services, device information, and service-specific information	xpate has a legitimate interest in anonymizing Your personal data for product development in order to analyse customer behaviour We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose
Perform data analysis for product improvement and product testing (for example, to improve risk and fraud models)	Contact- and identification information, payment information, information on goods/services, financial information, information about interaction between You and xpate, information about the interaction between You and the products/services, device information, information from external sanctions lists and PEP lists, and service-specific information	xpate has a legitimate interest in performing data analysis for product improvement and product testing We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose
Enable internal research and creation of statistical models	Contact- and identification information, payment information, information on goods/services, financial information, information about interaction between You and xpate, information about the interaction between You and the products/services, device information, and service-specific information	xpate has a legitimate interest in enabling internal research and to create statistical models We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose

Compliance and to protect xpate from legal claims

Purpose of the processing	Personal data	Legal basis for the processing
Comply with applicable laws, such as anti-money laundering and bookkeeping laws, and regulatory capital adequacy requirements	Contact- and identification information, biometric information, payment information, information on goods/services, financial information, information about interaction between You and xpate, information about the interaction between You and the products/services, device information, information from external sanctions lists and PEP lists, and service-specific information	Comply with laws
Perform screening against lists of persons subject to sanctions, and lists of persons who are Politically Exposed Persons	Contact- and identification information, biometric information, information from external sanctions lists and PEP lists	Comply with laws
Protect xpate from legal claims, and enforce xpate’s legal rights	All of the personal data categories under section 3	xpate has a legitimate interest in protecting itself from legal claims, and in enforcing its legal rights We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose

To provide marketing

Purpose of the processing	Personal data	Legal basis for the processing
To provide marketing and offers regarding our services to You You may always opt out by contacting us	Contact- and identification information, information about interaction between You and xpate, information about the interaction between You and the products/services, and service-specific information	xpate has a legitimate interest in providing marketing and offers to You We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose
To decide which marketing to provide to You. This processing also ceases when You opt out from receiving marketing	Contact- and identification information, information on goods/services, information about interaction between You and xpate, information about the interaction between You and the products/services, device information, and service-specific information	xpate has a legitimate interest in deciding which marketing to provide to You We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose
To provide links that are sponsored to products and services	Information on goods/services, information about interaction between You and xpate, information about the interaction between You and the products/services, device information, and service-specific information	xpate has a legitimate interest in providing links that are sponsored to promote its products/services We ensure that the processing performed for this purpose is necessary for fulfilling our legitimate interest, and that our interest outweighs Your interest in not having Your personal data processed for this purpose

5. Data retention periods

We store Your personal data in accordance with the legal basis and purposes of processing the data. The data is destroyed when we no longer need it for the applicable purposes of processing. Principles that govern certain processing activities include the following:

• Personal data collected by us in accordance with the applicable Anti-Money Laundering laws and requirements is stored for a minimum of 5 years but not more than 10 years after the conclusion of the business relationship with You or after Your last transaction. The applicable retention period is extended in any of the following cases:

• We are required to retain the personal data under any enactment or for the purpose of court proceedings
• You have given us Your consent to the retention of Your personal data or
• We have reasonable grounds for believing that the personal data needs to be retained for the purpose of legal proceedings

• Personal data included in service contracts concluded with us is stored for 10 years after the end of the contract.
• Personal data related to debt management is retained for up to 10 years after payment of the debt.
• Where processing of personal data is done for direct marketing purposes, personal data is stored until our business relationship with You ends or until You withdraw Your consent.
• Personal data may be retained due to other legal obligations applicable to us in accordance with the respective time frames related to those obligations.

6. xpate’s profiling and automated decision making

Profiling is any form of automated processing of personal data used to assess certain personal characteristics of You in particular to analyse or predict, for example, the economic situation, personal preferences, interests, place of residence. We use profiling based on the personal data we have about You in order to take individual or automated decisions about You, for the following purposes:

6.1.        Decisions without legal or similarly significant effect

xpate makes the following decisions without legal or similarly significant effects for You:

• Predicting what marketing content would be of interest to You. You can always object to this and deregister from the marketing and this profiling, by contacting us.
• Deciding on the most suitable way to contact You concerning outstanding debt.

6.2.        Decisions with legal or similarly significant effect

Automated decision making with legal effects, or automated decisions with similarly significant effect, means that some decisions in our services are solely based on automatic means, without any interaction from any of our employees, and carry a significant impact on You as a consumer with them. By making such decisions in an automated fashion, xpate increases objectivity and transparency in the decisions.

We use this type of automated decision making when we:

• Decide to approve Your application;
• Decide not to approve Your application;
• Decide whether You pose a fraud- or money laundering risk if our processing reveals that You display behaviour consistent with money laundering or fraudulent conduct, that Your behaviour is inconsistent with Your previous use of our services, or that You appear to have deliberately hidden Your true identity. xpate also checks whether or not a specific customer is listed on a sanctions list.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to You.

You always have the right to challenge an automated decision which carries a legal or similarly significant effect (together with the profiling connected to it), by contacting us using the contact channel offered by xpate for the relevant service or product, or the email given in section 1 of the present Policy. Upon your request, an xpate employee will then look at Your case.

7.  Who might we share Your personal data with?

We may share Your personal data with the categories of recipients listed below, for the purposes listed below.

Exactly which recipients we share Your personal data with, and for which purposes, will depend on which service You use. When we share Your personal data, we take all reasonable contractual, legal, technical, and organisational measures to ensure that Your personal data is treated with an adequate level of protection and in accordance with applicable law.

xpate does not sell or rent any of the collected information to third parties. It will be used to process full service delivery.

7.1.        Suppliers and subcontractors

xpate may share personal data with the suppliers and subcontractors we use in order to provide our Services to You. Suppliers and subcontractors are companies who are only entitled to process the personal data they receive from xpate on xpate’s behalf. Examples of such suppliers and subcontractors are software- and data storage providers, security providers, compliance service providers, and business consultants.

We will share your personal data with ComplyAdvantage. The terms of their privacy policy can be found at https://complyadvantage.com/terms-and-conditions/#privacy-cookies.

7.2.        Payment service providers (“PSPs”) and financial institutions

PSPs provide xpate with services for accepting and administrating electronic payments through a variety of payment methods including credit card, and bank-based payments such as direct debit, bank transfers, etc. Some PSPs also collect and use Your information independently in accordance with their own privacy notices. This is for example the case if You use a digital wallet.

In addition, xpate may share Your information with other financial institutions when You conduct transactions with Your account, in order to perform the transactions.

 

7.3.        Fraud prevention agencies and companies that supply identity lookups

Your personal data may be shared with fraud prevention agencies and companies that supply identity lookups in order to verify Your identity, the accuracy of the data You have provided us with, and to prevent criminal activities.

Fraud prevention agencies can hold Your personal data for different periods of time. We and fraud prevention agencies may also enable law enforcement agencies to access and use Your personal data to detect, investigate and prevent crime.

7.4.        xpate group

Your information may be shared with companies within the xpate group, based on xpate’s legitimate interest to conduct its business.

7.5.        Social media companies

If You contact us through social media such as Facebook or Twitter, Your data will be recorded and processed by those companies, in accordance with their privacy notices.

7.6.        A person holding a power of attorney of Your affairs

xpate will share Your data with a person holding a power of attorney from You, allowing the person holding the power of attorney to receive such data. This sharing will be done based on Your consent.

7.7.        Authorities

xpate may disclose necessary information to authorities such as the police, tax agencies or other authorities if we are required to do so by law, or under some circumstances if You have requested us to do so or if it is required to administer tax deductions. One example of such legally required disclosures is disclosure for purposes of anti-money laundering and counter terrorist financing.

7.8.        Debt Collection Agencies and other outstanding claims

xpate may share Your information when selling, or assigns to collect, unpaid debts to third parties, e.g. to debt collection agencies. This sharing of personal data is based on our legitimate interest in collecting and selling debts. The debt collection agencies or any other purchasers may process Your personal data in line with their own privacy notices, or on xpate’s behalf.

If we need to transfer Your personal data to a third country (i.e. a country outside the UK or the EEA respectively), we will do it under one of the following conditions:

• The destination country has been recognised by the United Kingdom or the European Commission respectively as ensuring an adequate level of personal data protection (i.e. there is an “Adequacy decision” in relation to this country).
• Other appropriate safeguards exist for the data transfer (including but not limited to binding corporate rules, standard data protection clauses in the cooperation agreement or an approved code of conduct, in accordance with Article 46 of UK GDPR and EU GDPR).
• In the absence of the above safeguards, in cases allowed by the applicable legislation including if You have given Your explicit consent for the transfer or if the transfer is needed for:

• the performance of a contract between You and us,
• conclusion or performance of a contract concluded in Your interest,
• establishment, exercise or defense of legal claims,
• important reasons of public interest

You may request information regarding specific safeguards by contacting xpate using the contact details in section 1.

8. Data Security

The security of Your data is important to the Company. xpate uses all the latest data protection tools with the highest standards in the market. Company provides the data only to those employees who need it to perform their activities. For higher level security, it is recommended to protect Your password, use the latest up-to-date browser while using xpate’s services.

Any data and information provided to Company is encrypted using advanced technologies, and xpate’s Websites and underlying services have security measures in place to protect against the loss, misuse and alteration of any data and information received by the Company.

9. Choices available to You

You have choices when it comes to the privacy practices and communications described in this Privacy Policy.

Many of the choices are explained when You sign up to or use the Company’s services.

9.1.        Choices relating to the Personal Data collection and use

You may decline to provide personal data when requested. In this case, You might not be able to use crucial parts of xpate’s services or become a customer. You also have the ability to avoid sharing information collected from the device You use while accessing xpate's Websites (including but not limited to location and usage data) and used by xpate through the settings of Your browser or device.

9.2.        Choices relating to Cookies

In accordance with the applicable personal data protection legislation, we can store necessary cookies on Your device if they are strictly necessary for the operation of our Websites. You cannot refuse to use the necessary and functional cookies when visiting xpate Websites since it is not possible to ensure the functioning of the Websites in their absence.

However, we also use other types of cookies to personalize content and ads, to provide social media features, and to analyze our traffic. We may share information about Your use of our site with our social media, advertising and analytics partners who may combine it with other information that You’ve provided to them or that they’ve collected from Your use of their services. Some cookies are placed by third party services that appear on our pages.

For such other types of cookies, we need your active consent. When accessing our Websites, You will be asked whether You consent to our use of non-essential cookies. You can at any time change or withdraw Your consent for these other types of cookies from the Cookie Policy on our Websites. You may also switch off cookies and other tracking technology in the browser’s settings of Your device. However, if cookies are switched off, some services of our Websites may become unavailable if those particular cookies are essential for the correct functionality of the Website or the service in question

9.3.        Choices relating to communication

The Company may send You advertisement about the services and products via including but not limited to email, text messages and push notifications. You may refuse or change preferences of these marketing communications in your xpate online account settings. Additionally, You may receive notifications with important information related to our business relationship with You and the provision of our services to You. These important communications may not be refused; however, You can choose the channel and format through which You prefer to receive these messages in Your online account or by contacting xpate.

9.4.        Change of Your personal data

You can check the data You have provided to us at any time, and You can change it on Your account online or by contacting xpate.

10. Your data protection rights

10.1.        Right to be informed.

You have the right to be informed about how we process Your information. We do this through this Privacy Policy, other information on our Websites, and by answering Your questions sent to us.

10.2.        Right to access Your data.

You may request a copy of Your data if You would like to know what personal data we process about You. This copy of Your personal data can also be transmitted in a machine readable format (i.e. “data portability”).

10.3.        Right to rectification.

You have the right to correct inaccurate or incomplete information we hold about Yourself.

10.4.        Right to erasure.

You have the right to request deletion of Your personal data, for example, when it is no longer necessary for us to process the data for the purpose it was collected, or when You have withdrawn Your consent. However, there may be certain legal obligations preventing us from immediately deleting some of Your personal data.

10.5.        Right to restrict processing of Your data or object to our processing.

If You believe Your information is incorrect or You believe we use Your data unlawfully, You have the right to ask us to stop the processing. You may also object to our processing where You believe there are circumstances that would make such processing unlawful. Furthermore, You can always object to us using Your data for direct marketing.

10.6.        Right to challenge an automated decision.

You have the right to challenge an automated decision made by xpate if this decision carries with it legal or similarly significant effects. See section 6. xpate’s profiling and automated decision making of the present Policy for more information on how xpate uses automated decisions.

10.7.        Right to withdraw consent.

Where we process Your data based on Your consent or explicit consent, You may withdraw this consent at any time. You can do this in accordance with the steps described in section 9 depending on the data in question or by contacting xpate with Your specific request.

 

10.8.        Right to lodge a complaint.

We encourage You to contact us if You have any questions in relation to the present Policy. In case You have not received a satisfactory reply or solution from us, however, You have the right to lodge a complaint with Your national supervisory data protection authority. Complaints to the UK supervisory authority (the Information Commissioner) can be made using this link: https://ico.org.uk/make-a-complaint/ 

11. Children’s Privacy

xpate services do not address anyone under the age of 18 (hereinafter Children). xpate does not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your Children has provided Company with Personal Data, please contact xpate.

12. Privacy policy changes notification

xpate reserves the right to periodically make updates to this Privacy Policy. Every customer will be notified via their chosen communication channel about material changes that have been made to stay informed regarding how xpate is processing personal data.