Keeping your information safe

Updated: February 2022

Introduction

We are committed to maintaining the highest standards of confidentiality, protection of personal data and respecting the privacy of our customers and associated persons who deal with us. Our commitment to privacy includes being transparent about the nature and extent of the personal data processing we undertake.  This Privacy Notice aims to give you information on why and how we collect and process your data.

APPLICABILITY

This privacy notice contains information about the information collected, stored and otherwise processed about you and the reasons for the processing. It also tells you who we share this information with, the security mechanisms we have put in place to protect your information and how to contact us in the event you need further information. This notice is applicable in connection with:

  • register and/or attend any of our events, webinars, or the conferences we host;
    and
  • if you use any of our websites, products, services or applications (collectively the “services”) in any manner.

By accessing our Company’s website including using any of the communication channels to contact us, we consider that you have read, understood and accepted the terms of this Privacy Policy and how we process any information you disclose to us. Moreover, you agree that this Privacy Policy, including any amendments from time to time, will govern how we collect, store, use, share and in any other form process your data and your rights during our relationship and after its termination.

The information contained herein supersedes any information concerning the processing of personal data that is included in any of the existing Agreements/Client Agreement and associated forms on matters that are covered by this Privacy Policy. The Company may revise or update this Policy from time to time. The new version of this Privacy Policy will be available on the Company’s website

Who we are?

This Privacy Policy provides an overview of how MXC Foundation, a limited liability company (LLC) incorporated and validly existing under the laws of St. Vincent and the Grenadines, with registration number no. 1793 LLC 2022 (the “Company”) processes individuals’ data and sets out the information that the Company must provide to such individuals and/or natural persons.

The MXC Foundation is a web3.0 infrastructure and is regulated by the Financial Services Authority.
The effective management of all personal data, including its security and confidentiality, lies at the very heart of our business and underpins our practices and processes. As a firm with a global presence, we are subject to the varying requirements of data protection legislation in the jurisdictions where we operate. We aim to be as consistent as possible and obey all applicable laws and apply the highest standard of privacy laws to our approach.

The Site and any applicable web browser, the App or application programming interface required to access the Services, may include links to third-party websites, plugins and applications (“Third-Party Sites”). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these Third-Party Sites and are not responsible for their privacy statements and policies. When you leave our Site or Applications, we encourage you to read the privacy notice or policy of every Third-Party Site you visit or use.

What is Personal Information and what Information do We Collect?

Personal data or personal information means any information about a living individual from

which that person can be identified (“personal information”).


Examples of specific data sets:

-Identity data:

First name, maiden name, last name, username or similar identifier, title, date of birth, gender, biometric information, including a visual image of your face, national identity cards, passports, driving licences or other forms of identification documents.


- Social Identity data:

Your group/company data, information on referrals related to you, political background,

close connections, behavioural data, risk assessment, compliance assessment.

- Contact data:

Residence details, billing address, delivery address, home address, work address, email

address and telephone numbers, proof of address documentation.

- Usage data:

Information about how you use the Site, the Services, mobile applications and other

offerings made available by us, including: device download time, install time, interaction

type and time, event time, name and source.

- Technical data:

Internet connectivity data, internet protocol (IP) address, operator and carrier data, login

data, browser type and version, device type, category and model, time zone setting and

location data, language data, application version and SDK version, browser plug-in types and

versions, operating system and platform, diagnostics data such as crash logs and any other

data we collect to measure technical diagnostics, and other information stored on or

available regarding the devices you allow us access to when you visit the Site or use the

Services or the App.

- Transactional data:

Details about payments to and from you, other details of any transactions you enter into

using the Services, Site or App.

- Financial data:

Bank account, payment card details, virtual currency accounts, stored value accounts,

amounts associated with accounts, external account details, source of funds and related

documentation.

The Company may also keep records of your trading behaviour, including a record of:

Products you trade and their performance;

(a) Historical data about the trades and investments you have made including the amount

invested

(b) Historical data about your payment activities and your withdrawal activities

If information is uploaded to our systems in connection with the services we retain this

information in line with our retention policy.

What happens If you refuse to provide personal data?

Where we need to collect personal data by law, or under the terms of a contract we have

with you, and you refuse to provide that data when requested, we may not be able to

perform the contract we have or are trying to enter into with you – for example, to provide

you Services. In this case, we may have to cancel a product or service you have with us, but

we will notify you if this is the case at the time

How do we collect this information?

We gather various types of information from the following sources:

Direct interactions

This includes personal data you provide when you:
● visit our Site or App;
● apply for our Services;
● create an account;
● make use of any of our Services;
● request marketing to be sent to you, for example by subscribing to our newsletters;
● enter a competition, promotion or survey, including through social media channels;
● give us feedback or contact us.

Third parties or publicly available sources

We also obtain information about you, including Social Identity Data, from third parties or publicly available sources. These sources may include:

● fraud and crime prevention agencies,
● a customer referring you,
● public blockchain,
● publicly available information on the Internet (websites, articles etc.)

How do we use the information?

In accordance with the applicable legislative regime, we may use the information we collect from our customers and their users in connection with the services we provide for a range of reasons, including to:

  • provide, operate and maintain the services;
  • process and complete transactions, and send related information, including transaction confirmations and invoices;
  • manage our customers’ use of the services, respond to enquiries and comments and provide customer service and support;
  • send customers technical alerts, updates, security notifications, and administrative communications;
  • verify customers identity and check credit with credit reference agencies;
  • investigate and prevent fraudulent activities, unauthorised access to the services, and other illegal activities; and
  • for any other purposes about which we notify customers and users.

For further information, please read the section headed “Cookies” in the “Your Privacy Rights” section of this statement.

We collect this information via our websites:

  • to administer our website, our events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
  • to improve our website to ensure that content is presented most effectively for you and your computer;
  • for trend monitoring, marketing and advertising;
  • for compliance purposes, for example, to comply with Know Your Client(KYC) and Anti Money Laundering (AML) laws;
  • for purposes made clear to you at the time you submit your information – for example, to fulfil your request for an information note requested about our services;
  • as part of our efforts to keep our website secure.

We may access and use information from credit reference and fraud prevention agencies when you open your account and periodically to:

  • manage your accounts, including assessing your creditworthiness and checks to avoid customers becoming over-indebted;
  • to prevent criminal activity, fraud and money laundering;
  • to check your identity and verify the accuracy of the information you provide to us;
  • to trace debtors and recover debts.

Lawful basis

We will only use your data when the applicable legislation allows us to. In other words, we have to ensure that we have a lawful basis for such use. If you are located in the EEA, UK or Switzerland, we rely on the principles and legal bases provided by the GDPR for processing your data.

We will use your data in the following circumstances:

  • Performance of a contract:  this means processing your data where it is necessary for the performance of a contract. E.g. opening an account; maintaining your account details and services connected with an account. This is also necessary for our notary service for the arrangement of Mortgages and Loans as well as for the administration of your pension affairs.
  • Legitimate Interest: means our interests or those of a third party, where we make sure that we used this basis as far as your interests and individual rights do not override those interests. E.g. Our use of your personal information to ensure network and information security if you use any of our systems, and for Credit Checking your details. This applies to the purposes of direct marketing, to provide you with the most appropriate products and services. We will not share your information with third parties for their marketing purposes without your permission. Furthermore,  this “legitimate interest” also applies to risk reporting, general financial and accounting reporting, to internal management and supervisory bodies.
  • Compliance with a Legal Obligation means processing your data where we need to comply with a legal obligation. For example, when you apply for a product or service, we are required by law to collect and process certain personal information about you. As indicated above, if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account or provide services to you. This includes processing to: confirm your identity, to perform checks and monitor transactions and location data for preventing and detecting crime and complying with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. This may require us to process information about criminal convictions to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies. We are legally obliged to assess the affordability and suitability of credit for initial credit applications and throughout the relationship, including analysing customer credit data for regulatory reporting. We have a legal obligation to report suspicious activity and comply with court orders.
  • Consent means freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by clear affirmative action, signify agreement to the processing of personal data relating to you.

Retention policy

There are no specific dictates in SVG Law regarding the retention of personal data for LLCs but for financial, audit and anti-money laundering compliance the limit is 7 years. Other than for those purposes,  retention periods for personal data are determined based on the type of data, amount, the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we process your data and whether we can achieve those purposes through other means, and the applicable legal=, regulatory, tax, accounting and other requirements.

If we determine that we no longer need your data to fulfil the purposes we collected it for, we will either erase (delete) it or anonymize it.

Here are some factors which we usually consider when determining how long we need to retain your data:

● If there is a complaint;
● if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims (e.g., email addresses and content, chats, letters will be kept up to 7 years following the end of our relationship)
● to comply with any applicable legal and/or regulatory requirements concerning certain types of personal data (e.g., information is needed for audit purposes and so forth);
● in accordance with relevant industry standards or guidelines;
● in accordance with our legitimate business need to prevent abuse of the promotions that we launch. We will retain a customer’s data for the time of the promotion and for a certain period after its end to prevent the appearance of abusive behaviour.

Please note that under certain conditions (s), you can ask us to delete your data. We will honour your deletion request ONLY if the condition(s) is met. However, when interacting with any blockchain, we may not be able to ensure that your data is deleted. This is because blockchains are public decentralised networks and blockchain technology does not generally allow for data to be deleted and your right to erasure may not be able to be fully enforced. In these circumstances, we will only be able to ensure that all personal data that is held by us is permanently deleted.

We have CCTV in various locations on our premises. CCTV is kept until the storage is full and then it is overwritten. We have some cameras that take constant images and some that are activated by motion and consequently our retention policy varies by premises. Our retention policy for CCTV footage varies between 14-90 days depending on the location and nature of the recording. We will supply footage if we have it, but do not commit to supplying any footage over 14 days.

Job applicants’ data is kept beyond the duration of the application process.

We may also keep your data for longer than seven years if we cannot delete it for legal, regulatory or technical reasons. As an example, we have to hold pension transfer information indefinitely; and if you apply for insurance cover through us, we may keep insurance claims data for up to 15 years after you stop being a customer.


How do we share and disclose information to third parties?

We do not rent or sell your personal information to anyone. We may share and disclose information (including personal information) about our customers in the following limited circumstances:

  • where required for your product or service. If you ask us to, we will share information with any third party that provides you with account information or payment services. If you ask a third-party provider to provide you with account information or payment services, you’re allowing that third party to access information relating to your account. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
  • we may share your information with the Police, National Crime Agency or Revenue and Customs if requested to do so;
  • we may share your information for compliance purposes to national law enforcement agencies in other countries if requested to do so for compliance purposes;
  • we may share your information with third-party vendors, consultants and other service providers who we employ to perform tasks on our behalf;
  • we may share your information with credit reference agencies, and they will give us information about you for credit and identity checks;
  • we may share information with other banks and third parties where required by law to help recover funds that have entered your account as a result of a misdirected payment by such a third party;
  • we may share information with other banks to help trace funds where you are a victim of suspected financial crime and you have agreed for us to do so, or where we suspect funds have entered your account because of a financial crime;
  • we may share information with third parties providing services to us, such as correspondent banking, and agents and sub-contractors acting on our behalf.
  • If false or inaccurate information is provided and/or fraud is identified or suspected, details will be passed to fraud prevention agencies. Law enforcement agencies and other organisations may access and use this information;
  • If any additional authorised users are added to your account, we may share information about the use of the account by any authorised user with all other authorised users.

If MXC Foundation services receive your personal information and subsequently transfer that information to a third-party agent or service provider for processing, MXC Foundation services remain committed to ensuring that such third-party agent or service provider processes your personal information to the standard required to meet GDPR and other local privacy laws.

International data transfers

We may transfer data when we process an international transaction as part of our contract of service with you. If you send payment information or engage in a money transfer, you allow the end destination bank access to your data.

These countries may not have similar data protection laws to those in your country of residence. However, we will always protect your information on the basis that anyone to whom we pass the information protects it in the same way we would and in accordance with this privacy notice and applicable laws. All international transfers outside the EU are protected by EU-based modal contract clauses where there are terms approved by the EU commission.

Personal Information you submit on the websites or through our MXC system is processed on our servers. Information sent from the client to the server is encrypted and our servers are securely protected.

Linked Websites:
For your convenience, hyperlinks may be posted on the website that links to other websites. We are not responsible for these sites, and this privacy notice does not apply to, the privacy practices of any linked sites or of any companies that we do not own or control. Linked sites may collect information in addition to that which we collect on our website. We encourage you to seek out and read the privacy notice of each linked site that you visit to understand how the information that is collected about you is used and protected.

Business Transfers:
We may choose to buy or sell assets and may share or transfer customer information in connection with the evaluation of these transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.

Other Institutions:
We may also share your data with other institutions with which we have a financial interest for the purposes consistent with this Privacy Notice. When we send your data to our affiliate companies, you are protected by model contract clauses.

Auditors:

- KPMG

Bankers:

- Bank of St. Vincent and the Grenadines

Security

We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at the senior level.

Exercising your privacy rights

What choices do I have?

You can always opt not to disclose information to us, but keep in mind some information may be needed to transact with us or to take advantage of some of our offers and discounts.

Cookies

We use Cookies and other internet tracking software to collect data while you are using our websites or mobile apps. Cookies allow us to store information about the computer device you use to access our website so that you can conduct business with us easily. They allow us to recognise when you revisit our websites and to evaluate our websites’ advertising and promotional effectiveness. We use both our own (first-party) and partner companies (third-party) cookies to support this activity.

We do not use Cookies to:

  • track your Internet usage after leaving the website or
  • store personal information others may read and understand.

Processing of personal data associated with the use of these cookies occurs based on our Legitimate Interests to administer the website.

Our cookies are listed below.

Cookie name - default Expiration time - description

_ga - 2 years - This is a Google Analytics cookie used to distinguish users.
_gid - 24 hours - This is a Google Analytics cookie used to distinguish users and its main purpose is for the performance of the site.
_gat - 1 minute - This is a Google Analytics cookie used to throttle the request rate limiting the collection of data on high traffic sites.
PHPSESSID - Expire when browser is closed - In-house cookie generated by applications based on the PHP language. This is a general-purpose identifier used to maintain user session variables. It is normally a random-generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages. This is technically required for the functioning of the website.

You can deactivate the non-technical cookies by not consenting to non-essential cookies when your first visit the site. When you first visit the site, it gives you an opportunity to opt-in or opt-out of cookies.

You may also set your browser’s setting to deactivate cookies. If you use that option, some functions of this website (e.g. login, memory of preferences etc.) may not be available. Detailed guidance on how to control cookies preferences for the most common browsers can be found at:

  • Google Chrome
  • Mozilla Firefox
  • MacOS Safari
  • Microsoft Internet Explorer
  • For other browsers please see allaboutcookies.org

You also have the option to install the Google Analytics opt-out browser add-on and thereby deactivate the use of Google Analytics cookies and the associated data processing. You can find the opt-out browser add-on here.

https://tools.google.com/dlpage/gaoptout

You can find the Google privacy notice here. Google Analytics privacy notice.

Your rights subject to the application of GDPR

The right to object to the processing:
You have the right to object to the processing of your data, where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms; in some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms; you also have the right to object where we are processing your data for direct marketing purposes;

The right to information:
You have the right to be informed whether and to what extent we process your data.

The right of access:
Subject to certain exceptions you have the right to obtain confirmation as to whether or not we process your peta, and if we do, request access to your data. to receive a copy of the personal data we hold about you and information regarding how your data is being used by us;

The right to rectification:
If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time. Please note that we may need to verify the accuracy of the new data you provide to us;

The right to deletion:
Subject to certain exceptions if you consider that we should stop processing some or all of your personal data, you right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (for example where retention is required to meet legal or regulatory obligations).

The right to restrict the processing:
You have the right to request that we restrict the processing of your personal data in certain situations
- If you contest the accuracy of your personal data, you may request that ssing is restricted while we verify its accuracy.
- If the processing of your data is considered unlawful, but you do not require the deletion of your data.
- If we no longer need the data for its processing, but you need it for the establishment, exercise or defence of legal claims.
- If you object to our processing of your data based on our legitimate interests

The right to data portability:
Where the processing takes place based on your consent or contract and is carried out by automated means, you have the right to request that we provide your data to you in a machine-readable format.

Rights in relation to automated decision making and profiling:
You have the right to require that decisions be reconsidered if they are made solely by automated means, without human involvement; we use automated tools to make sure that you are eligible to be our customer taking into account our interests and legal obligations; if these automated tools indicate that you do not meet our acceptance criteria, we will not onboard you as our customer;

The right to withdraw your consent:
If your data is processed on basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.


How can I exercise my data subject rights?

If you would like to access, review, update, rectify, and delete any personal information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), you can obtain contact information from the “Contact Us” section of this privacy notice. Our privacy team will examine your request and respond to you as quickly as possible.

Please note that we may still use any aggregated and de-identified personal information that does not identify any individual. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Automated decision making

You may be subject to automated decision making in the following circumstances:

Pricing:
We may decide what to charge for some products and services based on what we know. This will help us decide whether to offer you the product and what price to charge you.

Tailoring Products, Services, Offers and Marketing:

We may place you in groups with similar customers. These are called customer segments. We use these to study and learn about our customers’ needs and behaviours, and to make decisions based on what we learn. This helps us to design products, services and offers for different customer segments, and to manage our relationships with them. It also helps us tailor the information that individuals receive or see on our own and other websites and mobile apps, including social media.

Detecting Fraud:
We use your personal information to help decide if your personal or business accounts may be being used for fraud or money laundering. We may detect that an account is being used in ways that fraudsters work. Additionally, we may notice that an account is being used in a way that is unusual for you or your business. If we think there is a risk of fraud, we may stop activity on the account or refuse access to it.

Opening Accounts:
When you open an account with us, we check that the product or service is relevant to you, based on what we know. We also check that you or your business meets the conditions needed to open the account.

Loans and Mortgages and Credit provision:

If you take a loan, mortgage or we provide credit to you, we will use your personal information to assess the outcome of the decision to grant you a loan mortgage or credit.

To help us make decisions on when to give you credit, we credit score to assess your application. To work out your credit score, we look at the information you give us when you apply; information from credit reference agencies that will show us whether you’ve kept up to date with payments on any credit accounts (that could be any mortgages, loans, credit cards or overdrafts), or if you’ve had any court action such as judgments or bankruptcy; your history with us such as maximum level of borrowing; and affordability, by looking at your available net income and existing debts.

You have rights concerning automated decision making, including a right to appeal if your application is refused.

Marketing:

Unless you have told us that you do not want to hear from us, we will send you relevant marketing information (including details of other products or services provided by us or other Group companies which we believe may be of interest to you), by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you, or you no longer wish to receive this information, you can have your information removed by clicking the unsubscribe link at the bottom of each email communication or by contacting us. For the contact information, please look at the “Contact Us” section of this notice.

We may still send you non-promotional communications, for instance, administration related emails concerning your account.

Contact us

For any GDPR enquiry, you can email us at hello@mxc.org
Or call us +1 (424) 408 1253

You can write to us at P. O. Box 1574

First floor, First St. Vincent Bank Ltd

James Street, Kingstown

St. Vincent and the Grenadines

For further information, you can find us at www.mxc.org

Changes to this privacy statement occur from time to time as the business develops and grows and adds more processing. You are encouraged to check back regularly to see any changes that may have occurred.

Information about children

For children under the age of 18, all data held for children is with the consent of their parents and is held to administer a bank account. Our practice is to hold bank accounts jointly in the name of the child and the adult parent. Identification details are held for both the child and the parent.