Privacy Policy

XDAT International Limited (XDAT) shall endeavour to comply with the General Data Protection Regulation (GDPR 2016/679) (GDPR) in relation to personal data processing rules within the European Union (EU) and European Economic Area (EEA).

This Privacy Policy explains how XDAT collects, uses, retains, transfers, discloses, disposes of and protects user, customer and visitor (hereinafter referred to as ‘Data Subjects’) Personal Data obtained through the website. The terms “we,” “us,” and “our” refer to XDAT International Limited and its affiliates present and future. When we ask for certain Personal Data from Data Subjects it is because we are required by law to collect this Personal Data or it is relevant, explicit, legitimate and for specified purposes. Any non-required Personal Data you provide to us is provided voluntarily.

By using the website, you consent to the data practices described in this Privacy Policy. On occasion, XDAT may revise this Privacy Policy to reflect changes in law or our Personal Data collection and use practices. If material changes are made to this Privacy Policy, the changes will be announced by posting on the website for visitors and by privacy notice to all users and customers. We will ask for your consent before using your Personal Data for any purpose that is not covered in this Privacy Policy.

XDAT ensures that in the event that any Personal Data of Data Subjects is transferred outside of the EU or EEA countries or an international organisation, the legal regime of the relevant country provides an “adequate” level of Personal Data protection as stipulated by the European Commission or has provided appropriate safeguards or under binding corporate rules or satisfies one of the conditions in Article 49 of the GDPR.

Why this Privacy Policy exists

This Privacy Policy ensures that XDAT:

  • Complies with data protection law and follows good practice.
  • Protects the rights of users, visitors and customers.
  • Is open about how it stores and processes individuals’ Personal Data.
  • protects itself from the risk of a data breach.


The following terms “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Processing Activity/ies”, “Pseudonymisation”, “Anonymisation”,“Cross-Border processing of Personal Data”, “Supervisory Authority” used in this document shall have the same meaning as in the European Union’s General Data Protection Regulation:


We want you to understand the types of Personal Data we collect when you register for and use XDAT’s services.

Information you provide to us at registration

When you create an XDAT Account, you provide us with Personal Data that includes your contact information (email address, name, and a password). You can also choose to add a phone number for SMS or Google Authenticator account to be used for 2FA verification for improved security. We ensure that the Personal Data collected is processed lawfully, fairly and in a transparent manner.

Information we collect when authenticating user identity

To comply with global industry regulatory standards including Anti-Money Laundering (AML), KnowYour-Customer (KYC), and Countering Terrorist Financing (CTF), XDAT requires user accounts to undergo user identity authentication for both Personal & Enterprise-level accounts. This entails collecting formal identification.

Information we collect as you use our services

Service Usage Information

Through your use of the XDAT platform, we ensure that we shall not monitor and collect tracking information related to usage such as access date & time, device identification, operating system, browser type and IP address.

How we store your Personal Data

We shall keep Personal Data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We shall apply anonymization or pseudonymisation to Personal Data where possible to reduce the risks to the Data Subjects

We strive to keep Personal Data accurate, and, where necessary, it is to be kept up to date. We shall take reasonable steps to ensure that Personal Data is accurate, having regard to the purposes for which it is processed, and any inaccurate Personal Data shall be erased or rectified without undue delay.

Retention of Personal Data

XDAT ensures that the Personal Data will not be kept for longer than is necessary and only kept for the purposes for which it is processed. Retention periods may vary from a few months in relation to simple enquiries to over ten years as required by applicable law or court orders.

Rights of Access by Data Subjects

XDAT acting as Data Controller shall provide Data Subjects with a reasonable access mechanism to enable the same to access their Personal Data. The Data Subject shall be allowed to update, rectify, erase, or transmit their Personal Data, if appropriate or as required by law.

Right to be forgotten

Upon request, and within the limits allowed by applicable law, you have the right to have your Personal Data erased by us. XDAT acting as a Controller will take all necessary actions (including technical measures) to inform any third-party Data Processors where applicable to comply with the request.

Data Portability

You shall have the right to receive, upon request, a copy of the Personal Data you provided to us in a structured, commonly used and machine-readable format and to transmit it to another Controller, for free. We shall endeavour to ensure that such requests are processed within one month, subject that it is not excessive and does not affect the rights of other individuals’ Personal Data.

Disposal of Personal Data

When we receive requests to dispose of Personal Data records by Data Subjects, we shall ensure that these requests are handled within a reasonable time frame. XDAT shall keep a record, including a log, of these requests.

XDAT ensures that any archived Personal Data is disposed of by adequate disposal mechanisms on expiry of retention period. Any hard copies of Personal Data that we might have obtained from you shall be physically destroyed when no longer relevant. We shall also strive in obtaining adequate disposal mechanisms to ensure no Personal Data is leaked outside of the organisation.

Transaction Information

For all Personal & Enterprise-level accounts, we collect transaction information including deposit snapshots, account balances, trade history, withdrawals, order activity and distribution history. This transaction data is monitored for suspicious trading activity for user fraud protection, and legal case resolution.


To provide and maintain our services

We use the information collected to deliver our services and verify user identity.

Given our legal obligations, we cannot provide you with services without data like identification, contact information and transaction-related information. Having said that, we do not use cookies or any tracking devise and in the event that XDAT will introduce any tracking systems we will inform you accordingly.

To protect our users

We use the information collected to protect our platform, users’ accounts and archives.

We use IP addresses and cookie data to protect against automated abuse such as spam, phishing and Distributed Denial of Service (DDoS) attacks.

We analyse trading activity with the goal of detecting suspicious behaviour early to prevent potential fraud and loss of funds to bad actors.

To comply with legal and regulatory requirements

Respect for the privacy and security of Personal Data you store with XDAT informs our approach to complying with regulations, governmental requests and user-generated inquiries. We will not disclose or provide any Personal Data to third party sources without obtaining specific consent from you (unless any applicable law requires otherwise) and without review from our legal team.

To measure site performance

We actively measure and analyse data to understand how our services are used. This review activity is conducted by our operations team to continually improve our platform’s performance and to resolve issues with the user experience.

We continuously monitor our systems’ activity information and communications with users to look for and quickly fix problems.

To communicate with you

We use Personal Data collected, like an email address to interact with users directly when providing customer support on a ticket or to keep you informed on logins, transactions, and security. Without processing your Personal Data for confirming each communication, we will not be able to respond to your submitted requests, questions and inquiries. All direct communications are kept confidential and reviewed internally for accuracy.

The Company shall provide its users with user support through an online chat with an agent. Username and email address may be necessary to sign up for online chat. The data collected in this manner shall be processed exclusively for the purpose of providing user support.

The Company may keep logs for internal and external audits; training and investigation including law enforcement agencies. These logs are deleted once the account is terminated or after one (1) year if they are no longer required for any crime prevention, investigation, detection purposes and crime reporting for the protection of the business and other legal interests and the protection of employees.

Marketing of our services

XDAT may, pursuant to the given consent, periodically notify Data Subjects of any new benefits or services being offered. The Data Subject may always decide to opt out from receiving the above notifications and may cancel the service by sending an e-mail to [email protected]

To enforce our Terms of Use and other agreements

It is very important for us and our customers that we continually review, investigate and prevent any potentially prohibited or illegal activities that violate our Terms of Use and Service. For the benefit of our entire user base, we carefully enforce our agreements with third parties and actively investigate violations of our posted Terms of Use. XDAT reserves the right to terminate the provision of service to any user found engaging in activities that violate our Terms of Use.


XDAT has implemented a number of security measures to ensure that your Personal Data is not lost, abused, or altered. Our data security measures include, but are not limited to: PCI Scanning, Secured Sockets Layered encryption technology, pseudonymisation, internal data access restrictions, and strict physical access controls to buildings & files. Please note that it is impossible to guarantee 100% secure transmission of data over neither the Internet nor any method of electronic storage. As such, we request that you understand the responsibility of independently taking safety precautions to protect your own Personal Data.

If you suspect that your Personal Data has been compromised, especially account and/or password information, please lock your account and contact XDAT customer service immediately on the following link

Our Responsibilities

XDAT shall ensure appropriate Personal Data processing by all its employees and all those who have access and process data on our behalf.

Everyone who works for or with us has responsibility for ensuring that Personal Data is collected, stored and handled appropriately. Each team that handles Personal Data must ensure that it is handled and processed in line with this Privacy Policy and data protection principles. However, these people have key areas of responsibility:

  • The board of directors is ultimately responsible for ensuring that XDAT meets its legal obligations.
  • The Data Protection Officer or the person in charge is responsible for:
  1. Keeping the Board updated about data protection responsibilities, risks and issues.
  2. Reviewing all data protection training and advice for the people covered by this Privacy Policy.
  3. Arranging data protection training and advice for the people covered by this Privacy Policy.
  4. Handling data protection questions from staff and anyone else covered by this Privacy Policy.
  5. Dealing with requests from individuals to check the data XDAT holds about them (also called 'subjects access requests' [SAR])
  6. checking and approving any contracts or agreements with third parties that may handle any sensitive data.
  • The IT Manager, is responsible for:
  1. Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
  2. Performing regular checks and scans to ensure security hardware and software is functioning properly.
  3. Evaluating any third-party services XDAT is considering using to store or process data e.g. cloud computing services.
  • The Marketing Manager, is responsible for:
  1. Approving any data protection statements attached to communications such as emails and letters.
  2. Addressing any data protection queries from journalists or media outlets like newspapers.
  3. Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.

How do we respond to Personal Data Breach Incidents

When the Company learns of a suspected or actual Personal Data breach, the Company shall perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to the rights and freedoms of Data Subjects, the Company will notify the relevant supervisory authorities without undue delay and, when possible, within 72 hours from when it learns of such breach.

Audit and Accountability

XDAT will monitor the implementation of this Privacy Policy.

Any employee who violates this Privacy Policy will be subject to disciplinary action and may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.

Governing Law

This Privacy Policy is intended to comply with the laws and regulations in the place of establishment and of the country in which XDAT operates. In the event of any conflict between this Privacy Policy and applicable laws and regulations, the latter shall prevail.


We are committed to respecting the freedoms and rights of all our XDAT visitors, users and customers who have placed their trust in our service. If you have any questions about this Privacy Policy, the practices of this website and the App, or your dealings with this website and the App, requests, complaints or inquiries relating to processing and protection of Personal Data can be sent to the e-mail address [email protected]

In accordance with the applicable regulations governing the protection of Personal Data, each request/inquiry will be resolved or closed without undue delay and at the latest within 30 days of receipt.

When contacting and posting such requests, we will invest reasonable efforts to confirm your identity and to prevent unauthorized Personal Data processing.

Changes to this Policy

As the Company evolves, there may be the need to update this Policy to keep pace with changes to the website, software, services, business and applicable laws. The Company will however, always maintain its commitment to respect the Data Subject's privacy. The Company ensures that it will notify the Data Subjects with any material changes under this Policy by email (the most recent email provided by the Data Subject) or post any other revisions to this Policy along with their effective date, in an easy-tofind area of the website.


This document was updated on

1st October 2018 and is effective from that date.

Email: [email protected]

Company Address:
Ground Floor, Palace Court, Church Street. ST. Julians STJ 3049