Privacy Policy

Introduction

This privacy policy describes how we collect, use and share with third parties your personal data collected when you use and navigate the website of XMLGold. We value our relationship with you and place the highest importance on respecting and protecting your privacy. We will only process your personal data in accordance with applicable law, including the General Data Protection Regulation (EU) 2016/679, and this privacy policy.

Terms

“XMLGold“, “we“, “us“, and “our“ refer to ‘XML Corp.’ together with its employees, directors, successors, affiliates and assignees.

“You”, “customer”, “user”, “your” refer to users of the services of XMLGold, whether in their capacity as senders, recipients, or visitors to our website.

Other terms used in this privacy policy shall be understood as they are defined in the applicable data protection laws.

Sending newsletters

We communicate with our customers about new products or services, special offers and other marketing announcements in newsletters sent by e-mail to our customers. Therefore, we process your first name, surname and e-mail address for direct marketing purposes.

The basis for the processing of your personal data for direct marketing purposes is your consent. Therefore, you have the right at any time to disagree with or reject such processing of your personal data for the purpose of sending newsletters.

XMLGold may also send direct marketing communications to the customer providing relevant information about related XMLGold services. The customer may at any time (in advance or at any time later) unsubscribe from such messages.

You can disagree with or reject processing of your personal data for the purpose of sending newsletters by clicking on the unsubscribe reference presented at the bottom of the newsletter sent to you or by notifying us in writing (for example, by e-mail).

Your personal data, which we process for the purposes of direct marketing, shall be stored for a term of 3 years from the date of your consent unless you revoke your consent before the expiry of the said term. After the expiry of the said term or in the event you revoke your consent, we will cease the processing of these personal data for the purpose of direct marketing.

Visiting the website

When you browse our web page without logging in, we do not hold any personal data about you, but we use various tools to help us maintain the website and provide the best possible experience for you.

Each time you access or visit the website, the following technical personal data may be automatically collected: IP address, access date and time, web page name and URL, device operating system data, information about the Internet provider, geo-location data, language settings and other relevant data.

We may also collect and use cookies. Cookies are a small piece of information saved in your browser storage. They are used to improve the customer experience in pages and helps third party services to work properly.

XMLGold uses cookies extensively in both public page and the product. Most of the third part providers we use set cookies in customer browser to facilitate their services. Private data is never stored in cookies, only anonymous identifiers or other preferences.

Our website uses the following cookies:

Third party cookies

To opt out of Google Analytics cookies, download and install the Google Analytics Opt-out Browser Add-on. The Google Analytics opt-out browser extension – https://tools.google.com/dlpage/gaoptout?hl=en.

If you want to know more specific information about cookies and their usage, please go to www.aboutcookies.org.

Provision of the services

For regular business operations, conclusion and fulfillment of our agreements with you on use of respective XMLGold services as well as implementation of the requirements established in the legal acts regulating the operations of a payment institution we collect and process your personal data.

Such personal data may be provided to us by you directly when creating an account on XMLGold website or collected from other financial institutions or the other third parties (such as Facebook, Gmail, Vkontakte, Paysera, etc.) if you choose to create an account on our website using already existing your social networking or other accounts mentioned here above.

We may process the following personal data of the customers:

• personal data (first name, surname, occupation, company represented and position held, data about the citizenship, personal ID number, etc.);
• contact details (residential address, e-mail address, telephone number, etc.);
• financial data (bank (electronic money payment institution) account information, etc.);
• other data provided when creating an account on XMLGold website and / or required for the provision of the respective XMLGold services.

The basis for the processing of your personal data is agreement which shall be or is entered into by XMLGold and the customer. In any case we process the personal data of our customers only to such an extent which is necessary for ensuring the proper provision of e-currency top-up and withdrawal services and implementation of the legal obligations binding XMLGold.

Customers also have the possibility of logging into their individual accounts on the website of XMLGold, where any information that is relevant to the respective customer in connection with the particular service is provided. Customers log into their accounts using the unique login data provided to them. With a view to properly administer this system, XMLGold also processes additional personal data of customers, inter alia: customer user IDs, login passwords, time of the customer’s login to his / her individual account, data provided in the customer’s applications or agreements, data on transactions carried out by the customer as well as other data. XMLGold processes such personal data under the agreements concluded with customers.

Personal data collected for the purpose of conclusion and fulfillment of agreements will be stored for up to 10 years from the completion of the transaction, the submission of the respective application or execution of the operation except for the cases when the legal acts provide for a longer term of storage of such data.

Prevention of money laundering and terrorist financing

As a financial institution, we are required to reliably identify the customer, the representative or the beneficiary before providing any financial service and do everything in our power to prevent any money laundering and fraudulent activities. For this we may need additional information and / or documentation from the customer, depending on specific cases.

Personal and financial data required to comply with know your customer, anti-money laundering and combating the financing of terrorism requirements and perform financial and business operations include:

• personal data (first name, surname, nationality, date of birth, personal ID number, etc.);
• contact details (residential address, e-mail address, telephone number, etc.);
• financial data (bank (electronic money payment institution) account information, transaction history, etc.);
• other personal data which may help us comply with the applicable law and prevent fraudulent behavior.

The personal data which are required under the law, are usually provided to us directly by you. We shall also have the right to establish the identity of the customer, the representative or the beneficiary without their direct involvement by receiving the required information in accordance with the procedure laid down in the law from other financial institutions and authorized entities. By properly implementing the requirements for the prevention of money laundering and terrorist financing, XMLGold can obtain additional personal data on customers, their representatives and beneficiaries from other third parties(for example, customer’s data can be verified in the databases on wanted persons and in international databases which accumulate and store information about the persons involved in politics, etc.).

We store your personal data in compliance with the requirements of the law, i.e. for a term of 8 years from the date of completion of transactions or expiry of business relations with the customer (unless other legal acts provide for a longer time limit for the storage of data). Certain personal data shall be stored for a shorter period of time, when it is laid down by the law.

Submitting requests

To ensure timely and appropriate processing of your requests, contact you regarding any information you provide, protect customers’ and / or our interests and fulfill various legal requirements, we process your personal data when you contact us (by e-mail, through our website, social media accounts or by any other method). We keep all communications with our customers to ensure that in case of disputes we have all available communication logs.

The basis for the processing of your personal data upon your request is consent which is expressed through your active actions – submitting a request.

We store your personal data for the above mentioned purposes for up to 3 years, depending on the nature of received personal data and other circumstances. We apply longer periods of personal data storage when there is a reasonable suspicion of an unlawful act which is subject to investigation; your data is necessary for the proper resolution of the dispute, complaint or claim; we have received complaints related to you, or if we have noticed any violations committed by you; it is necessary for back-up copies or related purposes of functioning of our information systems; it is mandatory required by applicable laws.

We kindly recommend to protect your personal data when submitting the requests and therefore do not disclose certain personal data if such disclosure is not necessary for development of your request.

Data transmission to third parties

We use services provided by third parties (such as third-party data centers, servers, website design, administration services, online traffic and website analysis, statistics, direct marketing services, etc.) that may require access to your personal data to the appropriate extent. We take data protection seriously and always partner only with companies which provide Data Processing Agreement (DPA) or other data protection agreements with these companies.

We may also share your personal data with any member of our group or subsidiaries (i.e. any organization we own or control) or our holding company or ultimate holding company (i.e. any organization that owns or controls us) and any subsidiaries they own. These companies will only use your personal information to provide a service to us or to you in the same way as we can under this privacy policy.

In the event that we sell any business or assets, personal information may be disclosed or transferred to buyers or prospective buyers of our business or any of our assets as part of any such sale.

Particular technical data pertaining to your visits to the website (such as IP address, data collected or placed on devices by cookies, technical information of the browser, other information related to your browsing activities, etc.) may be transferred or made available to entities in the European Economic Area (EEA) as well as outside the EEA for purposes related to statistics, analysis and other related purposes. Please note that personal data in non-EU countries maybe subject to less protection than in the EU. We will carefully assess the conditions under which such data will be processed and stored after transfer to the above entities.

Finally, your personal data may be submitted to law enforcement, judicial or pre-trial institutions without any specific consent for the purpose of investigation or when it is provided by law.

Security of your data

We take protecting of your data very seriously – we encrypt the information you provide during the transmission of the information, our internal systems are logging access to your data when / if accessed by our employees, our offices have perimeter control from unauthorized entry, we have internal IT security procedures and use best security practices to minimize risks from outside attacks, all critical systems require 2 factor authentication and / or are accessible only through internal network / VPN.

While we implement security measures on our website and through our services, you should be aware that 100% security is not always possible. Whenever you give out personal information online there is a risk that a third party may intercept and use that information. While we strive to protect your personal information and privacy, we cannot guarantee the security of any information you disclose online. By using XMLGold services, you expressly acknowledge and agree that we cannot guarantee the security of any data provided to or received by us through the services and that any personal information, general information, or other data or information received from you through the website or our services is provided at your own risk.

Your rights

General Data Protection Regulation (EU) 2016/679 gives you more rights to control which data about you can be accessed by companies like us. Here is a list of rights specified in regulation:

• The right of access to your personal data. You have the right to receive confirmation that we process your personal data as well as the right to access your personal data processed and information about the purposes of processing, the categories of data being processed, the categories of data recipients, the period of data processing and the sources of data;
• The right to rectification. If you think that data processed by us is inaccurate or incorrect, you have the right to request that such data be modified, clarified or corrected;
• The right to erasure (right to be forgotten). When there are circumstances specified in certain legal acts, you have the right to request us to erase your personal data;
• The right to a restriction of processing. When there are circumstances specified in certain legal acts, you also have the right to request us to restrict the processing of your data;
• The right to data portability. You have the right to transfer your data processed by us with your consent and by automated means to another data controller;
• The right to disagree with the processing of your personal data if it is processed on a legitimate interest basis, unless there are legitimate reasons for such processing or for the purpose of claiming, enforcing or defending legal requirements;
• The right to revoke your consent to process your personal data. If we have no other legal basis for the processing of personal data, we will cease processing of personal data immediately after the cancellation / revocation of the consent provided by you;
• The right to file a complaint to the State Data Protection Inspectorate, A. Juozapavičius st. 6, LT-09310 Vilnius, the Republic of Lithuania. However, we kindly recommend you to contact us first in order to find a satisfying solution.

Additional information

XMLGold is not intended for users under the age of 18. Such users are expressly prohibited from submitting their personally identifiable information to us and from using portions of the website of XMLGold for which registration is required; any information submitted by such users will not knowingly be used, posted, or retained.

We reserve the right to amend this privacy policy. The amended privacy policy shall be published on our website, so we kindly recommend to check our website periodically if there are any amendments of the privacy policy.

If you have any questions about this privacy policy, please contact us for more information via email [email protected]