Updated: February 2022
We are committed to maintaining the highest standards of confidentiality, protection of personal data and respecting the privacy of our customers and associated persons who deal with us. Our commitment to privacy includes being transparent about the nature and extent of the personal data processing we undertake. This Privacy Notice aims to give you information on why and how we collect and process your data.
This privacy notice contains information about the information collected, stored and otherwise processed about you and the reasons for the processing. It also tells you who we share this information with, the security mechanisms we have put in place to protect your information and how to contact us in the event you need further information. This notice is applicable in connection with:
The MXC Foundation is a web3.0 infrastructure and is regulated by the Financial Services Authority.
The effective management of all personal data, including its security and confidentiality, lies at the very heart of our business and underpins our practices and processes. As a firm with a global presence, we are subject to the varying requirements of data protection legislation in the jurisdictions where we operate. We aim to be as consistent as possible and obey all applicable laws and apply the highest standard of privacy laws to our approach.
The Site and any applicable web browser, the App or application programming interface required to access the Services, may include links to third-party websites, plugins and applications (“Third-Party Sites”). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these Third-Party Sites and are not responsible for their privacy statements and policies. When you leave our Site or Applications, we encourage you to read the privacy notice or policy of every Third-Party Site you visit or use.
Personal data or personal information means any information about a living individual from
which that person can be identified (“personal information”).
First name, maiden name, last name, username or similar identifier, title, date of birth, gender, biometric information, including a visual image of your face, national identity cards, passports, driving licences or other forms of identification documents.
- Social Identity data:
Your group/company data, information on referrals related to you, political background,
close connections, behavioural data, risk assessment, compliance assessment.
Residence details, billing address, delivery address, home address, work address, email
address and telephone numbers, proof of address documentation.
Information about how you use the Site, the Services, mobile applications and other
offerings made available by us, including: device download time, install time, interaction
type and time, event time, name and source.
Internet connectivity data, internet protocol (IP) address, operator and carrier data, login
data, browser type and version, device type, category and model, time zone setting and
location data, language data, application version and SDK version, browser plug-in types and
versions, operating system and platform, diagnostics data such as crash logs and any other
data we collect to measure technical diagnostics, and other information stored on or
available regarding the devices you allow us access to when you visit the Site or use the
Services or the App.
Details about payments to and from you, other details of any transactions you enter into
using the Services, Site or App.
Bank account, payment card details, virtual currency accounts, stored value accounts,
amounts associated with accounts, external account details, source of funds and related
The Company may also keep records of your trading behaviour, including a record of:
Products you trade and their performance;
(a) Historical data about the trades and investments you have made including the amount
(b) Historical data about your payment activities and your withdrawal activities
If information is uploaded to our systems in connection with the services we retain this
information in line with our retention policy.
Where we need to collect personal data by law, or under the terms of a contract we have
with you, and you refuse to provide that data when requested, we may not be able to
perform the contract we have or are trying to enter into with you – for example, to provide
you Services. In this case, we may have to cancel a product or service you have with us, but
we will notify you if this is the case at the time
We gather various types of information from the following sources:
This includes personal data you provide when you:
● visit our Site or App;
● apply for our Services;
● create an account;
● make use of any of our Services;
● request marketing to be sent to you, for example by subscribing to our newsletters;
● enter a competition, promotion or survey, including through social media channels;
● give us feedback or contact us.
We also obtain information about you, including Social Identity Data, from third parties or publicly available sources. These sources may include:
● fraud and crime prevention agencies,
● a customer referring you,
● public blockchain,
● publicly available information on the Internet (websites, articles etc.)
In accordance with the applicable legislative regime, we may use the information we collect from our customers and their users in connection with the services we provide for a range of reasons, including to:
For further information, please read the section headed “Cookies” in the “Your Privacy Rights” section of this statement.
We collect this information via our websites:
We may access and use information from credit reference and fraud prevention agencies when you open your account and periodically to:
We will only use your data when the applicable legislation allows us to. In other words, we have to ensure that we have a lawful basis for such use. If you are located in the EEA, UK or Switzerland, we rely on the principles and legal bases provided by the GDPR for processing your data.
We will use your data in the following circumstances:
There are no specific dictates in SVG Law regarding the retention of personal data for LLCs but for financial, audit and anti-money laundering compliance the limit is 7 years. Other than for those purposes, retention periods for personal data are determined based on the type of data, amount, the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we process your data and whether we can achieve those purposes through other means, and the applicable legal=, regulatory, tax, accounting and other requirements.
If we determine that we no longer need your data to fulfil the purposes we collected it for, we will either erase (delete) it or anonymize it.
Here are some factors which we usually consider when determining how long we need to retain your data:
● If there is a complaint;
● if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims (e.g., email addresses and content, chats, letters will be kept up to 7 years following the end of our relationship)
● to comply with any applicable legal and/or regulatory requirements concerning certain types of personal data (e.g., information is needed for audit purposes and so forth);
● in accordance with relevant industry standards or guidelines;
● in accordance with our legitimate business need to prevent abuse of the promotions that we launch. We will retain a customer’s data for the time of the promotion and for a certain period after its end to prevent the appearance of abusive behaviour.
Please note that under certain conditions (s), you can ask us to delete your data. We will honour your deletion request ONLY if the condition(s) is met. However, when interacting with any blockchain, we may not be able to ensure that your data is deleted. This is because blockchains are public decentralised networks and blockchain technology does not generally allow for data to be deleted and your right to erasure may not be able to be fully enforced. In these circumstances, we will only be able to ensure that all personal data that is held by us is permanently deleted.
We have CCTV in various locations on our premises. CCTV is kept until the storage is full and then it is overwritten. We have some cameras that take constant images and some that are activated by motion and consequently our retention policy varies by premises. Our retention policy for CCTV footage varies between 14-90 days depending on the location and nature of the recording. We will supply footage if we have it, but do not commit to supplying any footage over 14 days.
Job applicants’ data is kept beyond the duration of the application process.
We may also keep your data for longer than seven years if we cannot delete it for legal, regulatory or technical reasons. As an example, we have to hold pension transfer information indefinitely; and if you apply for insurance cover through us, we may keep insurance claims data for up to 15 years after you stop being a customer.
We do not rent or sell your personal information to anyone. We may share and disclose information (including personal information) about our customers in the following limited circumstances:
If MXC Foundation services receive your personal information and subsequently transfer that information to a third-party agent or service provider for processing, MXC Foundation services remain committed to ensuring that such third-party agent or service provider processes your personal information to the standard required to meet GDPR and other local privacy laws.
We may transfer data when we process an international transaction as part of our contract of service with you. If you send payment information or engage in a money transfer, you allow the end destination bank access to your data.
These countries may not have similar data protection laws to those in your country of residence. However, we will always protect your information on the basis that anyone to whom we pass the information protects it in the same way we would and in accordance with this privacy notice and applicable laws. All international transfers outside the EU are protected by EU-based modal contract clauses where there are terms approved by the EU commission.
Personal Information you submit on the websites or through our MXC system is processed on our servers. Information sent from the client to the server is encrypted and our servers are securely protected.
For your convenience, hyperlinks may be posted on the website that links to other websites. We are not responsible for these sites, and this privacy notice does not apply to, the privacy practices of any linked sites or of any companies that we do not own or control. Linked sites may collect information in addition to that which we collect on our website. We encourage you to seek out and read the privacy notice of each linked site that you visit to understand how the information that is collected about you is used and protected.
We may choose to buy or sell assets and may share or transfer customer information in connection with the evaluation of these transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.
We may also share your data with other institutions with which we have a financial interest for the purposes consistent with this Privacy Notice. When we send your data to our affiliate companies, you are protected by model contract clauses.
- Bank of St. Vincent and the Grenadines
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at the senior level.
What choices do I have?
You can always opt not to disclose information to us, but keep in mind some information may be needed to transact with us or to take advantage of some of our offers and discounts.
Processing of personal data associated with the use of these cookies occurs based on our Legitimate Interests to administer the website.
Our cookies are listed below.
_ga - 2 years - This is a Google Analytics cookie used to distinguish users.
_gid - 24 hours - This is a Google Analytics cookie used to distinguish users and its main purpose is for the performance of the site.
_gat - 1 minute - This is a Google Analytics cookie used to throttle the request rate limiting the collection of data on high traffic sites.
PHPSESSID - Expire when browser is closed - In-house cookie generated by applications based on the PHP language. This is a general-purpose identifier used to maintain user session variables. It is normally a random-generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages. This is technically required for the functioning of the website.
You can deactivate the non-technical cookies by not consenting to non-essential cookies when your first visit the site. When you first visit the site, it gives you an opportunity to opt-in or opt-out of cookies.
You may also set your browser’s setting to deactivate cookies. If you use that option, some functions of this website (e.g. login, memory of preferences etc.) may not be available. Detailed guidance on how to control cookies preferences for the most common browsers can be found at:
You also have the option to install the Google Analytics opt-out browser add-on and thereby deactivate the use of Google Analytics cookies and the associated data processing. You can find the opt-out browser add-on here.
You can find the Google privacy notice here. Google Analytics privacy notice.
The right to object to the processing:
You have the right to object to the processing of your data, where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms; in some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms; you also have the right to object where we are processing your data for direct marketing purposes;
The right to information:
You have the right to be informed whether and to what extent we process your data.
The right of access:
Subject to certain exceptions you have the right to obtain confirmation as to whether or not we process your peta, and if we do, request access to your data. to receive a copy of the personal data we hold about you and information regarding how your data is being used by us;
The right to rectification:
If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time. Please note that we may need to verify the accuracy of the new data you provide to us;
The right to deletion:
Subject to certain exceptions if you consider that we should stop processing some or all of your personal data, you right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (for example where retention is required to meet legal or regulatory obligations).
The right to restrict the processing:
You have the right to request that we restrict the processing of your personal data in certain situations
- If you contest the accuracy of your personal data, you may request that ssing is restricted while we verify its accuracy.
- If the processing of your data is considered unlawful, but you do not require the deletion of your data.
- If we no longer need the data for its processing, but you need it for the establishment, exercise or defence of legal claims.
- If you object to our processing of your data based on our legitimate interests
The right to data portability:
Where the processing takes place based on your consent or contract and is carried out by automated means, you have the right to request that we provide your data to you in a machine-readable format.
Rights in relation to automated decision making and profiling:
You have the right to require that decisions be reconsidered if they are made solely by automated means, without human involvement; we use automated tools to make sure that you are eligible to be our customer taking into account our interests and legal obligations; if these automated tools indicate that you do not meet our acceptance criteria, we will not onboard you as our customer;
The right to withdraw your consent:
If your data is processed on basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you would like to access, review, update, rectify, and delete any personal information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), you can obtain contact information from the “Contact Us” section of this privacy notice. Our privacy team will examine your request and respond to you as quickly as possible.
Please note that we may still use any aggregated and de-identified personal information that does not identify any individual. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
You may be subject to automated decision making in the following circumstances:
We may decide what to charge for some products and services based on what we know. This will help us decide whether to offer you the product and what price to charge you.
Tailoring Products, Services, Offers and Marketing:
We may place you in groups with similar customers. These are called customer segments. We use these to study and learn about our customers’ needs and behaviours, and to make decisions based on what we learn. This helps us to design products, services and offers for different customer segments, and to manage our relationships with them. It also helps us tailor the information that individuals receive or see on our own and other websites and mobile apps, including social media.
We use your personal information to help decide if your personal or business accounts may be being used for fraud or money laundering. We may detect that an account is being used in ways that fraudsters work. Additionally, we may notice that an account is being used in a way that is unusual for you or your business. If we think there is a risk of fraud, we may stop activity on the account or refuse access to it.
When you open an account with us, we check that the product or service is relevant to you, based on what we know. We also check that you or your business meets the conditions needed to open the account.
Loans and Mortgages and Credit provision:
If you take a loan, mortgage or we provide credit to you, we will use your personal information to assess the outcome of the decision to grant you a loan mortgage or credit.
To help us make decisions on when to give you credit, we credit score to assess your application. To work out your credit score, we look at the information you give us when you apply; information from credit reference agencies that will show us whether you’ve kept up to date with payments on any credit accounts (that could be any mortgages, loans, credit cards or overdrafts), or if you’ve had any court action such as judgments or bankruptcy; your history with us such as maximum level of borrowing; and affordability, by looking at your available net income and existing debts.
You have rights concerning automated decision making, including a right to appeal if your application is refused.
Unless you have told us that you do not want to hear from us, we will send you relevant marketing information (including details of other products or services provided by us or other Group companies which we believe may be of interest to you), by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you, or you no longer wish to receive this information, you can have your information removed by clicking the unsubscribe link at the bottom of each email communication or by contacting us. For the contact information, please look at the “Contact Us” section of this notice.
We may still send you non-promotional communications, for instance, administration related emails concerning your account.
For any GDPR enquiry, you can email us at firstname.lastname@example.org
Or call us +1 (424) 408 1253
You can write to us at P. O. Box 1574
First floor, First St. Vincent Bank Ltd
James Street, Kingstown
St. Vincent and the Grenadines
For further information, you can find us at www.mxc.org
Changes to this privacy statement occur from time to time as the business develops and grows and adds more processing. You are encouraged to check back regularly to see any changes that may have occurred.
For children under the age of 18, all data held for children is with the consent of their parents and is held to administer a bank account. Our practice is to hold bank accounts jointly in the name of the child and the adult parent. Identification details are held for both the child and the parent.