Privacy Policy
- Introduction
1.1 This Privacy Policy sets out the regulations and policies of Personal Information processed by XPA Holdings Limited (“XPA”, “we” or “us”) in accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”) of Canada.
1.2 By accessing XPA’s website, you undertake that you have read, understood and accepted the terms of the Privacy Policy. Your usage or ongoing usage of XPA’s Services shall also be taken as your consent to be legally bound by this Privacy Policy.
1.3 You acknowledge that XPA reserves the right to amend or update this Privacy Policy at any time without prior notice to you. The amendments to the Privacy Policy shall become effective immediately upon publication on XPA’s website. You shall regularly review this Privacy Policy on the XPA’s website.
2.Definitions And Interpretations
2.1 Throughout this Privacy Policy, unless the context otherwise requires, the following words and expressions shall bear the following meanings:
(a) “XPA” means XPA Holdings Limited (Company Registration No. BC 1456507) whose registered office address is located at 170-422 Richards St, Vancouver BC V6B 2Z4 Canada.
(b) “Personal Information” means personal information means information about an identifiable individual that is recorded in any form including, without restricting the generality of the foregoing:
(i) information relating to the race, national or ethnic origin, colour, religion, age or marital status of the individual,
(ii) information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved,
(iii) any identifying number, symbol or other particular assigned to the individual,
(iv) the address, fingerprints or blood type of the individual,
(v) the personal opinions or views of the individual except where they are about another individual or about a proposal for a grant, an award or a prize to be made to another individual by a government institution or a part of a government institution specified in the regulations,
(vi) correspondence sent to a government institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to such correspondence that would reveal the contents of the original correspondence,
(vii) the views or opinions of another individual about the individual,
(viii) the views or opinions of another individual about a proposal for a grant, an award or a prize to be made to the individual by an institution or a part of an institution referred to in paragraph (v), but excluding the name of the other individual where it appears with the views or opinions of the other individual, and
(ix) the name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name itself would reveal information about the individual.
(c) “PIPEDA” means the Personal Information Protection and Electronic Documents Act of Canada and its respective published amendments.
(d) “Services” means the foreign exchange, money transfer, virtual currency transactions, and payment services provided by XPA.
2.2 The headings to the clauses and sections in this Privacy Policy are for reference only, and shall be ignored when construing the meaning of any provision of this Privacy Policy.
3.Personal Information Collected
3.1 We collect your Personal Information from the following methods:
(a) client on-boarding or application or other forms;
(b) communication with XPA via telephone, fax, email or other forms of electronic communication;
(c) XPA’s associates or related companies;
(d) your appointed agents, representatives or advisers;
(e) when you visit our website or system or use our Services (to collect Personal Information described in Clause 3.2(g) and (h) below); and
(f) publicly available sources or third parties when we need to conduct background checks on you.
3.2 Personal Information collected by XPA includes but is not limited to the following:
(a) your personal details, e.g. name, telephone number, email address;
(b) identity verification documents, e.g. ID, passport;
(c) financial details, e.g. bank account, payment card information;
(d) information about your income and wealth including details about your assets and liabilities, account balances, trading statements, tax and financial statements;
(e) profession and employment details;
(f) your use of Services, including but not limited to the pages you have visited; and
(g) technical information, including but not limited to your devices, type and version of the operating system, time zone.
3.3 XPA will procure express consent from you in any of the following event:
(a) the information being collected, used or disclosed is sensitive;
(b) the collection, use or disclosure is outside of the reasonable expectations for you; or
(c) the collection, use or disclosure creates a meaningful residual risk of significant harm.
3.4 XPA also uses cookies on our websites to customize the information and experience displayed on our website according to your preferences. Cookies are small bits of data stored on a web browser when you visit a website for the first time. If you visit that website again in the future, the storage of cookies on your browser enables the website to remember how you browsed through it the first time. If you do not agree to our Cookie Policy you can disable Cookies and still access our website normally.
4.Purpose of Personal Information Collected
4.1 You consent and allow XPA to process the Personal Information:
(a) to perform XPA’s contractual obligations and provide Services to you;
(b) to comply with applicable laws, regulations and directions from regulatory authorities;
(c) to verify your identity;
(d) to update company information with British Columbia Registry Services, ] Financial Transactions and Reports Analysis Centre of Canada and other regulatory authorities;
(e) processing payment or credit transactions;
(f) to monitor and record calls and electronic communications for processing and verification of instructions;
(g) to monitor and record calls for business analysis, training or service improvement purposes;
(h) to ensure that the website content can be displayed or updated on your device;
(i) in providing suitable marketing materials or information to you;
(j) any other purposes that we notify you at the time of obtaining consent;
(k) any other purposes incidental or relevant to the above.
4.2 Unless you have given consent, your Personal Information shall only be used for the purposes for which it was collected.
5.Disclosure of Personal Information
5.1 XPA shall only disclose your Personal Information reasonably for the purposes of the disclosure. XPA may disclose your Personal Information to third parties without your consent:
(a) under any requests and orders from regulatory authorities;
(b) to meet our legal and regulatory obligations;
(c) in compliance with any requests made by legal and regulatory authorities;
(d) if it is necessary to perform XPA’s contractual obligation, including but not limited to XPA’s associates or related companies or third party service providers whereby they shall strictly comply with the PIPEDA and this Privacy Policy;
(e) to collect a debt owed by you to us;
(f) to another organization when we think it is reasonable for the purposes of detecting or suppressing fraud or of preventing fraud that is likely to be committed and it is reasonable to expect that your consent would compromise the ability to prevent, detect or suppress the fraud.
5.2 We may disclose your Personal Information to the following authorised third parties:
(a) relevant regulatory authorities when we are required to do so;
(b) your appointed auditors and professional advisors;
(c) your appointed agents, representatives or advisers;
(d) our third party service providers who are necessary to perform our contractual obligations to you;
(e) banks or other financial institutions;
(f) our advisers or agents where it is necessary for us to obtain their advice;
(g) our auditors when it is necessary for them to perform their auditing functions;
(h) our technological or data storage provider;
(i) third parties appointed to conduct customer background checks;
(j) third parties and their advisers who are seriously interested in acquiring all or part of our business;
(k) other third parties who are necessary to perform our contractual obligations with you.
6.Retention Period
6.1 We shall cease to retain your Personal Information as soon it is reasonable to assume that:
(a) the purpose for which that personal data was collected is no longer being served by retention of the personal data; and
(b) retention is no longer necessary for legal or business purposes.
7.Management of Personal Information
7.1 XPA has taken all reasonable commercial standards of technology and operational security to safeguard you’s Personal Information and mitigate potential risks of a security breach.
7.2 XPA trains our employees and provides internal educational training to the employees handling Personal Information to respect the confidentiality of customer information and the privacy of individuals. Furthermore, XPA implemented procedures to safeguard Personal Information where employees are only given access to your Personal Information if it is necessary to perform XPA’s contractual obligation. The access and scope of the access are given on a ‘need to know’ basis and shall be restricted to the purpose for which it is given.
7.3 You acknowledge that XPA cannot guarantee the absolute protection and security of the Personal Information. You acknowledge that XPA shall not be liable for any malicious and fraudulent acts committed by third party beyond XPA’s control provided that XPA has taken all reasonable commercial standards of care and has not been negligent in safeguarding your Personal Information.
8.Your Rights
8.1 Under the PIPEDA, you retain the right to:
(a) access your Personal Information;
(b) inquire XPA whether the Personal Information has been disclosed by XPA within a year before the date of the request;
(c) rectify or amend your Personal Information;
(d) restrict the processing of Personal Information;
(e) object against Personal Information processing for direct marketing purposes; or
(f) demand XPA to delete and erase your Personal Information.
8.2 You acknowledge that XPA may need your Personal Information to fulfill its contractual obligation to you, and as such your demand for deletion of your Personal Information may result in termination of all Services provided by XPA.
9.Jurisdiction
9.1 This Agreement is governed by and shall be construed in accordance with, the laws of British Columbia, Canada. All disputes arising out of this Agreement shall be resolved by arbitration at International Centre for Dispute Resolution Canada. The arbitration proceedings shall be conducted in the English language. The Parties undertake and agree that all arbitral proceedings conducted shall be kept confidential in accordance with the confidentiality obligations set forth herein, unless otherwise mutually agreed by the Parties under a written, stipulated protective order for such arbitration, and all information, documentation, materials in whatever form disclosed in the course of such arbitral proceeding shall be used solely for the purpose of those proceedings.
10.Language
10.1 The official language of this Privacy Policy shall be English. We may provide this Privacy Policy in other languages for information purposes only and in the event of any inconsistency or discrepancy between the English version of this Privacy Policy and any other language version, the English version shall prevail.
11.Contact
11.1 If you wish to gain access to your Personal Information, have any complaint or enquiries in relation to our privacy practice, please contact our data protection officer via email at compliance@xpaholdings.com.
CONTACT
NEWLETTER
Sign up for our latest news & articles. We won’t give you spam mails.
© 2024 XPA Holdings Limited. All Rights Reserved.