Introduction
Our Privacy Policy (“Policy”) explains in detail how xChief Ltd collects, manages, and protects all confidential user information.
We highly value your privacy and are committed to safeguarding your personal data. This Policy applies to both existing and prospective clients and outlines the types of personal data we may collect before and during the use of our services. It also explains how we use, share, and protect this data, as well as your rights regarding its processing and how you can exercise those rights. Please take time to read and understand this Policy.
We may update this Policy periodically, and it is your responsibility to review it for any changes. Any personal information we hold will be governed by the most recent version of the Policy available at that time. Should we make significant updates, we will notify you accordingly.
Unless otherwise specified, references to “xChief,” “we,” “us,” or “our” in this Policy refer to all entities within xChief Ltd. Similarly, references to “you,” “your,” or “client” refer to any of our existing or prospective customers.
By accessing our websites or using any of our communication channels, you acknowledge that you have read and understood this Policy, including how we collect and process the personal data you provide. Once you open an account with us, this Policy - together with any amendments - will govern how we collect, store, use, and share your data, as well as your rights regarding such processing, both during and after your business relationship with us.
Our Identity
xChief Ltd. is authorized and regulated by the Mwali International Services Authority (MISA), under License No. T2023379 and registered with number HY00923433. The company’s registered address is Bonovo Road, Fomboni, Island of Moheli, Comoros Union.
What kind of personal information do we collect and store?
As part of our business activities, we collect and process personal data from both existing and prospective clients. The types of data we may collect include, but are not limited to:
- Full name, surname, and contact details;
- Date of birth and gender;
- Information regarding your income and wealth, including details of assets, liabilities, account balances, trading activity, tax records, and financial statements;
- Professional and employment details;
- Location data;
- Knowledge and experience in trading, including risk tolerance and risk profile;
- IP address, device specifications, and other technical information relating to your trading activity;
- Bank accounts, e-wallets, and credit card details;
- Information about your visits to our website or mobile applications, including (but not limited to) traffic data, location data, weblogs, and other communication data;
- Records of transactions and trading behavior, including products and services you trade with us, your preferences, historical activity data, financial instructions, and transaction records.
We also use cookies to store and collect information about your interactions with our website. Cookies are small text files stored on your device’s hard drive by your browser, which send information back to our servers when you access our website. Cookies allow us to apply personalised settings, load your preferences, and enhance your overall user experience. More details are available in our Cookies Policy on our website.
Verification of identity
In accordance with Anti-Money Laundering (AML) and related legislation, we are legally required to verify your identity when opening a new account or adding an authorised signatory to an existing one. As part of this process, we may request photographic and non-photographic identification documents, including but not limited to:
- Passport;
- Driver’s license;
- National identity card (if applicable);
- Utility bills;
- Trust deed (if applicable);
- Credit check report;
- Any other information we deem necessary to fulfill our legal and regulatory obligations.
For corporate clients, we may also request additional documentation, including incorporation certificates, shareholder and director registers, and other details about company officers. We reserve the right to request further information if required under legal or regulatory frameworks.
How we collect information
We may collect your personal data through various channels, including:
- Information you provide directly to us via account applications, demo sign-up forms, webinar registrations, or other communication channels;
- Data automatically collected through cookies, analytics, and similar tracking technologies;
- Information gathered through ongoing communication, including customer support, newsletters, or relationship updates.
We may also collect information from third parties, such as:
- Publicly available sources;
- Social media platforms;
- Brokers, affiliates, and business partners;
- Banks, credit card processors, and subscription-based intelligence databases;
- Other third-party associates who provide relevant services.
Monitoring and communications
We may record and monitor communications with you, including telephone calls, electronic messages, and in-person or online meetings, for the purposes of security, compliance, and quality assurance. Such recordings remain our sole property and form part of our business records.
Additionally, CCTV surveillance may be in operation at our offices or premises. This may include the recording of your image for security and monitoring purposes during your visits.
Who may we disclose personal information to?
In the course of using your personal information for the purposes described above, we may disclose your data to the following parties:
- Affiliated entities within the xChief group that provide financial and related services;
- Third-party application providers that support our apps, communication systems, and trading platforms;
- Service providers and specialist advisers engaged to deliver administrative, legal, IT, analytics, online marketing, financial, compliance, insurance, research, or other professional services;
- Introducing brokers and affiliates with whom we maintain a business relationship;
- Payment service providers and banks responsible for processing your transactions;
- Auditors, contractors, or professional advisers engaged to audit, review, or support our business operations;
- Courts, tribunals, and relevant regulatory authorities where disclosure is required by law or under our contractual obligations;
- Government agencies and law enforcement authorities when legally mandated or in response to lawful regulatory requests;
- Any third party where such disclosure is necessary to enforce or apply our Terms and Conditions of Service or other relevant agreements;
- Any party explicitly authorised by you.
We commit to sharing only the minimum personal data necessary for these parties to fulfill their contractual or regulatory duties. Third-party service providers are not permitted to use your personal data for any purpose other than delivering services on our behalf.
Please note: our website or apps may contain links to external third-party websites. These external sites are not governed by this Privacy Policy and may apply their own privacy standards. We strongly recommend that you review the privacy policies of any third-party websites you visit.
When and how do we obtain your consent?
We may process your personal data under one or more lawful bases (“Lawful Basis”), depending on the specific purpose for which the data is being used.
The Lawful Bases include:
- To fulfill our contractual obligations to you;
- To comply with applicable legal and regulatory requirements;
- To pursue our legitimate business interests.
If our use of your personal information does not fall under one of the above Lawful Bases, we will require your explicit consent. Consent must be freely given, and you have the right to withdraw it at any time by contacting us using the details provided in this Policy or by unsubscribing from our mailing lists.
We may also use the personal data you provide through our website or during the course of our business relationship to communicate with you for marketing and promotional purposes, as well as to provide you with market updates, news, and analytical reports. These communications may be delivered through various channels, including phone calls, emails, notifications within your online account portal, and SMS notifications (including push notifications).
You have the right to opt out of such communications at any time. You can do so via your online account portal or by sending an email to our Data Protection Officer at [email protected] using the registered email address associated with your account. If you do not have access to your online account portal, or one has not been provided, you may still exercise this right by contacting us directly.
Protection and Management of Personal Data
We are fully committed to safeguarding and protecting personal data. To achieve this, we implement and maintain appropriate technical and organisational measures designed to ensure a level of security that protects your information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access to personal data that is transmitted, stored, or otherwise processed.
We also require all third-party organisations that handle or access personal information on our behalf to acknowledge the confidentiality of such data, respect individuals’ privacy rights, and comply with this Policy as well as all relevant data protection laws.
Our data protection measures include:
- Training employees who handle personal data to respect confidentiality and individual privacy;
- Requiring the use of strong passwords and two-factor authentication when accessing our systems;
- Implementing information barriers, ensuring employees only access data necessary for their specific tasks;
- Using data encryption technologies for internet transactions and client access codes transmitted across networks;
- Employing firewalls, intrusion detection systems, and virus scanning tools to prevent unauthorised access and protect against malicious threats;
- Using secure networks or encryption when transmitting electronic data for outsourcing purposes;
- Enforcing a “clean desk” policy in all premises and ensuring secure storage of physical records;
- Applying physical and electronic safeguards such as access cards, cameras, and security personnel to protect against unauthorised access.
Data Storage and Retention Periods
We store personal data using secure electronic systems and physical records, applying appropriate safeguards to protect it against misuse, loss, unauthorised access, alteration, or disclosure.
When data is no longer required, it is either securely deleted or anonymised. However, in some cases we are legally obliged to retain information for longer periods to comply with regulatory requirements. For example, investment and anti-money laundering laws require us to keep evidence of identity verification, financial history, transactions, communications, and other relevant records. Such records are typically retained for five years after the end of our business relationship, or longer if requested by regulators or required by law.
If you register as a prospective client but do not complete the process, or if your application is declined, we may retain your personal data for up to six months, unless legal obligations require a longer retention.
If you opt out of marketing communications, your details will remain on a suppression list to ensure that you do not receive further marketing materials.
In some cases, your data may be transferred to and stored outside the Island of Moheli, Comoros Union. It may also be accessed by our employees, affiliates, or service providers operating in other jurisdictions. In such cases, we ensure that appropriate legal safeguards and data protection measures are implemented in accordance with the requirements of the Mwali International Services Authority (MISA) regulations and this Privacy Policy.
Your Data Protection Rights
Please note that these rights may not always apply in every circumstance. You are entitled to:
(a) Request access to your personal data (commonly known as a “data subject access request”).
(b) Request correction of any personal data we hold about you.
(c) Request the erasure of your personal data. Please note that in some cases we may be unable to comply with such requests due to specific legal obligations, which will be communicated to you at the time.
(d) Object to the processing of your personal data where we rely on legitimate interests (our own or those of a third party). If you raise an objection, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your rights and freedoms. You also have the right to object to the processing of your data for direct marketing purposes.
(e) Request the restriction of processing of your personal data. This allows you to suspend the processing of your data in the following scenarios:
- If you wish to verify the accuracy of the data;
- Where our use of the data is unlawful but you do not want it erased;
- Where you require us to retain the data even though we no longer need it, for the purpose of establishing, exercising, or defending legal claims;
- If you have objected to our use of your data but we need time to verify whether we have overriding legitimate grounds.
(f) Request the transfer of your personal data to you or another party. We will provide your personal data in a structured, commonly used, and machine-readable format. This right only applies to automated information (excluding hard copies) which you initially provided to us, or where the processing was based on your consent or required for the performance of a contract.
(g) Withdraw consent at any time, where we are relying on consent to process your personal data.
How to exercise your rights
You can exercise your rights by contacting us at [email protected] using the registered email address you provided to us. We may request additional information to verify your identity before processing your request. Requests can also be submitted through your online portal.
We aim to respond to all requests within one month. In complex cases or where you have made multiple requests, it may take longer. In such instances, we will notify you within one month and keep you updated on progress.
We may charge a reasonable fee if your request is manifestly unfounded, excessive, or repetitive, or if you request multiple copies of the same data. In such cases, we may refuse to comply if the request cannot be justified.
Queries and Complaints
If you have any concerns regarding our privacy practices or wish to exercise your rights, you may contact us by email at [email protected] to submit a query or lodge a complaint.
We aim to respond to all requests within one month. In cases where your request is particularly complex, or you have submitted multiple requests, it may take longer. If so, we will inform you within one month of receiving your request and keep you updated on progress.