Privacy Policy

XCoinsPay

In accordance with the European Union Data Protection Regulation (GDPR), XCoinsPay.com has updated its Privacy Policy.

XCoinsPay.com, owned and operated by CF Technologies Limited, (hereinafter referred to as “XCoinsPay.com”, the “Company” “we”, “our” or “us”), respects the privacy of the users of our platform (the “Platform”) and/or our website at XCoinsPay.com (the “Site”), and is committed to protect the personal information that users share with us in connection with the use of our Platform and/or Site (hereinafter collectively referred to as – the “Service”).

This Privacy Policy (the “Privacy Policy”), together with our Terms of Services (the “TOS”) is intended to describe our practices regarding the information we collect from you (the “user” or “you”) when you use the Service (or any part thereof), the manners in which we may use your personal information, and the options and rights available to you.

The purpose of this Privacy Policy is to inform you of:

  1. Data Controller
  2. Data Protection Principles
  3. Your Consent
  4. Which information may we collect on our users
  5. How do we collect information on our users
  6. What are the purposes of the collection of Personal Information
  7. Disclosing your Personal Data
  8. Changes to your Personal Data
  9. Sharing Information with Third Parties
  10. Retention of Personal Information
  11. International Transfers
  12. Minors Policy
  13. Management of Cookies
  14. Data Subject and Data Subject (Your) Rights
  15. Security
  16. Third party websites
  17. Changes to the Privacy Policy
  18. Questions

1. Data Controller

We, as the Data Controller, are responsible for deciding the way we collect, process and manage the personal information collected from our users. We may, in certain circumstances, deliver services in partnership with other entities. In such events, we will be a Joint Controller with the other entity.

‘If You have any questions or comments about our Privacy Policy or should You wish to exercise any of Your individual rights, please contact us at: [email protected] or by writing to the Data Protection Officer at the registered address or by phoning Us using International telephone number +1 305 946 1796.

For general contact, please send us an email on [email protected] or use our ‘Contact Us’ form on the https://xcoinspay.com/ website

Our Risk Officer is responsible for compliance within the GDPR and is responsible for matters relating to Privacy and Data Protection. The Risk Officer may be reached on [email protected] or by calling using International telephone number +1 305 946 1796.

2. Data Protection Principles

We are committed towards compliance within the applicable Regulations. If we need to collect, use or store Your personal data, we will abide by the following data protection principles.

The processing of personal data shall take place in a lawful, fair and transparent manner. Collection of personal data shall only be performed for specified, explicit and legitimate purposes and shall not be further processed in a manner which renders it incompatible with those purposes. The collection of personal data shall only be adequate, relevant and limited to what is necessary in relation to the purpose for which it is being processed. The personal data shall be accurate and where necessary kept up to date. Having regard to the purpose for which personal data is processed, the Company shall take every reasonable step to ensure that inaccurate personal data is erased or rectified without undue delay. Personal data shall be kept in a form which permits identification of the data subject, for no longer than is necessary for the purpose for which the personal data is processed. Personal data shall be kept confidential and stored in a manner which ensures appropriate security. Personal data shall not be shared with third parties except when necessary and with a justifiable legal basis.

3. Your Consent

By entering to, connecting to, accessing or using the Service (or any part thereof), you agree to the terms and conditions set forth in this Privacy Policy, including to the collection and processing of your personal information (as defined below). If you disagree to any term provided herein, you may not access and/or use the Service in any manner whatsoever.

4. Which information may we collect on our users?

We collect two types of information from our Users:

Non-personal information

  • The first type of information is un-identified and non-identifiable information pertaining to a User(s), which may be made available or gathered via the User’s use of the Service and/or the transactions carried out in connection with the Service, as applicable (“NonPersonal Information”). We are not aware of the identity of the User from which the Nonpersonal Information was collected.
  • Non-Personal Information which is being collected consists of technical information and aggregated usage information, and may contain, among other things, the User’s operating system, type of browser, screen resolution, browser and keyboard language, Privacy Policy v2.3 May 2025 Page 5 the User’s ‘click-stream’ on the Service and activities on the Service, the period of time the User visited the Service and related timestamps, etc.
  • Non-Personal Information shall be gathered by us in order to perform preliminary examinations of the users’ transactions before enabling such users to use the Service.
  • For the avoidance of doubt, any Non-personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists.

Personal Information

The second type of information is the personal information that identifies or may identify an individual with reasonable efforts (“Personal Information”). Personal Information which is being gathered may consist of the following:

  • The User’s IP address, as well as other persistent device identifiers, which is automatically recorded from the User’s device and used mainly for enhancing the User’s experience and for geolocation, personalization, security and fraud prevention purposes, as further detailed below.
  • In the event that following the preliminary examinations of Non-personal Information as noted above, such user is determined as qualified to use the Service (as shall be determined in our sole discretion), then after clicking the Service button the User will be requested to fill out the registration form available on the Service, and such User will be required to provide certain information such as his/her contact details, including the following:
    • Full name
    • Physical Address
    • E-mail address
    • Copy of a government-issued ID (such as a passport or driver’s license) – this is collected as means for official proof of identity
    • Details regarding the government-issued ID, such as the number, issuing country and expiration date
    • Country of residence
    • Gender
    • Date of birth
    • Billing address
    • Wallet ID (if applicable)
    • Credit card details – however, please note that such data is transmitted directly to our trusted third party payment processors. We do not retain the full details of the credit card.
    • Any additional required information in order to render the service.
  • Please note that without providing the above information you may not be able to complete the transaction.
  • In addition, we also collect the User’s publicly available social network information, provided that the User has an existing third-party social network account (namely, a Facebook or Google account) (“SN Account”) registered under the same name and/or email provided by User when registering to the Service.
  • In the event a User registers to the Service or otherwise grants us with certain access permissions to his/her SN Account, the third-party social network(s) operating such SN Account(s) may provide us with certain information about the User, as is stored in and/or made available by the User through his/her SN Account and in accordance with the permissions granted to us by the User. For example, such information may consist, as applicable and/or made available by the User, of the User’s name, public profile picture.
  • URL address, SN Account User ID, e-mail address, date of birth, gender, occupation or work information, education and other information which the User made public.
  • In addition, we may also collect the behavior of the User on our Services, which includes keystrokes, recording of mouse movements and other activities in our Services.
  • Any Personal Information provided voluntarily by the User via its use of the Service, such as the User’s e-mail address in order to be contacted (and any additional information related to such contacts), transaction details provided through use of the Service, and/or other actions performed by the User in connection with the Service.
  • We also collect additional data from third-party sources regarding the User. This includes the User’s credit rating and other information available through publicly available credit card blacklists and official limited bank account lists, as well as nonpublic information provided by credit rating agencies, banks or other organizations.

Please note that the Personal Information we collect is required in order for us to contractually provide the Services, as well as for us to meet our legal and regulatory requirements (such as Anti-Money Laundering and Know-Your-Customer regulations), and to safeguard our legitimate interests. In the event that you will not provide such information, we may not be able to provide our Services.

5. How Do We Collect Information on Our Users?

We use the following methods of collection:

  1. We collect Non-Personal Information through your use of the Service and/or the transactions carried out in connection with the Service. In other words, when you are using the Service, we may be aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
  2. We collect Non-Personal Information and Personal Information through publicly available sources. For example, we collect certain information about you through your publicly available SN Account(s) information, publicly available credit card blacklists and official limited bank account lists, and other online public information.
  3. We obtain Personal Information from third-party services We obtain Personal Information from third-party services
  4. We collect Personal Information which you provide us voluntarily. For example, we collect Personal Information required to use the Service by completing the registration form and/or contacting us directly.

We store the Personal Information either independently or through the help of our authorized third-party service providers as detailed below.

6. What are the Purposes of the Collection of Information?

We collect Non-Personal Information and Personal Information in order to:

  1. Provide and operate the Service, including for risk analysis, billing, and other aspects relating to carrying out the transactions performed by the Users (such as identity authentication, payment processing, and charge-backs);
  2. Analytics, statistical and research purposes;
  3. Detect, prevent, or otherwise address fraud, security or technical issues (such as identity theft or financial fraud);
  4. Meet our regulatory requirements, such as Know Your Customer (“KYC”), Anti-Money Laundering (“AML”) and Combatting Financing Terrorism (“CFT”) regulatory requirements.
  5. Enable us to further develop, customize and improve the Service based on Users’ common preferences and uses;
  6. Create and provide our business partners and affiliates with aggregated statistical data;
  7. Direct marketing purposes – we may use the contact details you provided us to send you promotional offers or communications; you may withdraw your consent via sending a written notice to XCoinsPay.com by email to the following address [email protected] or in the same manner as the advertising was transmitted to you (e.g. via email or SMS messaging), or by following the unsubscribe instructions included within the promotional offer or communication.
  8. Respond to User’s support requests;
  9. Satisfy any applicable law, regulation, legal process, subpoena or governmental requests;
  10. Enable us to provide our Users with a better user experience, with more relevant Content, features, and functionalities, and with technical assistance and support;
  11. Protect the rights, property, or personal safety of the Company, any of its Users, or the general public;
  12. Enforce this Privacy Policy and/or the TOS, including investigation of potential violations thereof;
  13. Abide by any applicable law.

7. Disclosing your Personal Data

We will not disclose your personal data that we collect or store intentionally to third parties, unless it is an imposed legal obligation on Us to do so, or as described in this Privacy Policy.

We also undertake that we will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties and who provide elements of services from us. In this regard, we have agreements in place with our data processors, binding them not to do anything with your personal data unless we have instructed them to do so. Such agreements also cover the requirement of holding the personal data securely and retain it for the period that we instruct them.

There are circumstances where we are legally bound to share information such as when we are required to cooperate with the Authorities or Regulatory bodies. In such situations, we will ensure that we have a lawful basis to do so.

We may disclose information to third parties in connection with the above-mentioned purposes in the circumstances that the requirement falls under an applicable legal basis.

8. Changes to your Personal Data

The personal information we hold about you shall be current and accurate. If any of your personal information changes, it is within your responsibility to update us.

As required by Law, you bind yourself to furnish us with recent suitable documentation for confirmation, on a regular basis, upon our verbal request. These may be required for KYC and due diligence purposes and to allow us to correctly perform the terms of our engagement, as per our internal operating procedures in force at the time.

9. Sharing Information with Third Parties

The Company discloses Personal Information in the following cases:

  1. With acquiring and card issuing banks;
  2. With third-party authentication vendors (such as identity verification vendors) and other data sources (such as geolocation services);
  3. With our service providers (such as cloud computing companies);
  4. In order to fulfill the purposes stated above, including to satisfy any applicable law, regulation, legal process, subpoena or governmental request;
  5. Respond to claims that any content available on the Service violates the rights of third parties;
  6. When the Company, or any of its affiliates is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets.

Please note that our businesses, as well as our trusted partners and service providers, are located around the world. Any information that we collect (including your Personal Information) is stored and processed in various jurisdictions around the world (including in the United States), for the purposes detailed in this Privacy Policy.

We use best efforts to ensure that your Personal Information is protected in accordance with our privacy policy, through contractual means (such as by using the contractual clauses approved by the relevant regulators for data transfer) or other means (such as ensuring that the jurisdiction imposes adequate safeguards for data protection).

All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. Processing your personal data with our third parties is limited for specified purposes and in accordance with our legal binding agreements.

10. Retention of Personal Information

The Company will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations, such as for KYC (Know Your Customer) and AML (Anti-Money Laundering) purposes. In this regard, we retain your personal data for as long as it is within the applicable laws, to enforce our contractual agreements and if needed, for the exercise and defence of legal claims.

We undertake to review your personal data that we collect, process and store and will delete or anonymize it in a secure manner when it is no longer needed to be retained in terms of legal, business or customer need.

If for any reason you wish to delete your Personal Information stored with us and identifying to you, please send us an e-mail to [email protected] and we will make reasonable efforts to address your request.

Where possible, we specify the periods for which your personal data will be retained in advance. The retention period is determined based on the following criteria:

  • the purpose/s for which your personal data has been collected;
  • whether there are any statutory obligations, obliging us to continue to process your information;
  • whether we have a legal basis in place to continue processing your personal data, including but not limited to your consent;
  • value attached to your information;
  • whether there are any industry practices stipulating the term that the personal data shall be retained for;
  • the cost, liability and risk of such retention;
  • any other applicable circumstances.

11.International Transfers

Information provided to us may be shared with third parties situated in other European Economic Area (‘EEA’) Member States and in countries outside the EEA.

In the circumstances, we will only transfer your personal data after taking the necessary steps to ensure that your privacy rights remain protected as outlined in this Privacy Policy and also in accordance with the applicable data protection laws.

12. Minors

To use the Service, you must be over the age of eighteen (18). The Company does not knowingly collect Personal Information from children under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the Service. In the event that it comes to our knowledge that a person under the age of eighteen (18) is using the Service, we will prohibit and block such User from accessing the Service and will make all efforts to promptly delete or effectively anonymize any Personal Information stored with us with regard to such a user.

13. Cookies

When you access or use the Service, we may use industry-wide technologies such as “cookies” or similar technologies, which stores certain information on your computer and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless.

We may also use certain third-party tracking technologies like Google Analytics. These are a different kind of cookies, stored on your computer by third parties, rather than by us. This kind of tracking technology is deployed or used each time you visit the Service, and also when you visit certain websites or applications that use similar cookies.

How to manage your cookie settings

Please note that we do not recognize or respond to automated browser signals regarding Tracking Technologies, including “Do Not Track” requests. However, there are various ways in which you can manage and control your cookie settings. Please remember that, by deleting or blocking cookies, some of the features of the Services may not work properly or as effectively.

  • Turning off cookies via your web browser. Privacy Policy v2.3 May 2025 Page 11 Most web browsers will provide you with some general information about cookies, enable you to see what cookies are stored on your device, allow you to delete them all or on an individual basis, and enable you to block or allow cookies for all websites or individually selected websites. You can also normally turn off third-party cookies separately. Please note that the settings offered by a browser or device often only apply to that particular browser or device.
  • Information about cookies is usually found in the “Help” section of the web browser. Below are some commonly used web browsers: -
    • Chrome
    • Internet Explorer
    • Microsoft Edge
    • Mozilla Firefox
    • Safari

For further details about how we make use of cookies and how to change your cookie preferences, please read our Cookie Policy.

14. Data Subject and Data Subject (Your) Rights

Data Subject refers to You, as the individual who can be directly or indirectly identified through the information collected and processed Us.

As a Data Subject, you have a number of rights in relation to your personal data. The Company respects your privacy rights and will endeavour to abide by such rights to the extent that they apply and where the processing of your data is applied.

Your rights include:

  • the rights to be informed and the right to access your personal data that is being collected, processed and stored;
  • the rights to amend, delete your personal data;
  • the rights to object and restrict processing of your personal data;
  • the rights to know about the existence of automated decision making and data portability;
  • the right to lodge a complaint with the Office of Information and Data Protection and/or seek judicial remedy in those cases where you believe that your data protection rights have been infringed;
  • the right to withdraw your consent.

If you reside in the EU or in another location that affords you with the below rights, you may contact us at any time at [email protected] and request:

  1. To access (including asking for supplementary information), delete, change or update any Personal Information relating to you (for example, if you believe that your personal information is incorrect, you may ask to have it corrected or deleted);
  2. That we will restrict or cease any further use of your Personal Information;
  3. That we will provide the Personal Information you volunteered to us in a machine-readable format.

Please note that these rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations (such as KYC and AML regulations).

If you have any general questions about the Personal Information that we collect about you and how we use it, please contact us at [email protected]. Any requests received will be given appropriate consideration within the time periods required by the data protection legislation. We also exert the right to request from you a proof of your identity, prior to processing your request. In this way, we ensure that the personal data is not disclosed to unauthorised third parties. We may require additional information in relation to such requests in order to speed up the response process. We reserve our right to withhold your personal data, if disclosing it would adversely affect the rights and freedom to others.

15. Security

We take great care in implementing and maintaining the security of the Service, and our Users’ Personal Information. The Personal Information is hosted on Amazon Web Services, which provides advanced security features. The Company employs industry standard procedures and policies to ensure the safety of its Users’ Personal Information, and prevent unauthorized use of any such information. In addition, in order to safeguard the privacy expectation of the Users, Our Merchant Processing Partner is Payment Card Industry Data Security Standards (“PCI DSS”) certified. Please note that while we take reasonable measures to safeguard your personal data, we cannot fully guarantee its security.

16. Third-Party Websites

Where we provide links to websites belonging to third parties, this Privacy Policy does not in any way cover how the processing of your personal data is with third parties. We suggest that you will read their respective Privacy Policies on the websites that you visit.

While using the Service you may encounter links to third party websites and/or services. Please be advised that such third party websites and/or services are independent of the Company, and may use cookies and other web-tracking technologies to collect non-personal and/or personal information about you. We assume no responsibility or liability whatsoever with regard to privacy matters or any other legal matter with respect to such third party websites and/or services. We encourage you to carefully read the privacy policies and the terms of use of such third party websites and/or services, as their terms, not ours, will apply to any of your interactions with such third parties.

17. Changes to the Privacy Policy

The Company reserves the right to change this Privacy Policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes to this Privacy Policy on the Service and/or we will send you an email regarding such changes to the e-mail address that you volunteered. All changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Service after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

18. Have Questions?

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to contact us at [email protected] or via postal mail at the address listed below.

This service is supplied by CF Technologies Ltd.

Centris Business Gateway, Level 4/W, Triq Is-Salib Tal-Imriehel, Zone 3, Central Business District, Birkirkara CBD3020, Malta