Privacy Policy

XM International MU Limited, operating under the trading name XM (hereinafter “XM”, “Company” “we”, “our”, “us”), is authorised and regulated by the Financial Services Commission (“FSC”) of Mauritius as an Investment Dealer (Full Service Dealer, excluding Underwriting) (License No.: GB23202700). XM International MU Limited is part of the Trading Point Group. Each entity of the Trading Point Group has its own separate Privacy Policy. Such entities operate their own websites and as such, if you are interested in learning about how such entities process your personal data, please refer to their corresponding privacy statements which may be found on their specific websites.

As part of our daily business operations, we need to collect personal information relating to you, whether you are an existing client or a prospective client, in order to comply with legal and regulatory requirements, to provide you with our products and services and ensure we can meet your needs when providing these products and services to you. The Company has developed the following Privacy Policy (the “Policy”) that covers the collection, use, processing and disclosure of personal information which we receive directly from you or a third party in connection with our provision of services to you or which we collect from your use of our services and/or our Online Trading Facility (including our Website(s) and mobile application(s)). This Policy also informs you of your rights with respect to the processing of your personal information and how you may exercise them, as well as the access to and correction of that personal information by the individuals concerned.

This Policy is addressed only to the Company’s clients, prospective clients and its website visitors.

This Privacy Policy applies to the processing of personal information by the Company in connection with the provision of financial services and does not apply in relation to websites operated by any other organization and/or other third parties.

The processing of your personal information (which includes the collection, use, rectification, disclosure, storage, etc.) is done in accordance and in compliance with the Mauritian Data Protection Act 2017 (the “DP Act”), the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) if, and to the extent, applicable or any other law or regulation on data privacy and data protection, if, and to the extent, applicable (the “Data Protection Laws”).

In relation to existing and prospective clients, the information that we may collect and process includes the following:

• full name, residential address and contact details (e.g., email address, telephone number, fax etc.);

• date of birth, place of birth, title, gender, citizenship;

• information about your income and wealth, including details about your source of funds, assets and liabilities, bank account information, e-wallet information, credit card related information, trading statements, FATCA and CRS information and financial statements;

• trading account balances, trading activity, your inquiries and our responses;

• information on whether you hold a prominent public function (PEPs);

• academic and educational information/background;

• profession and employment details;

• authentication data (e.g., signature)

• verification information, which includes information necessary to verify your identity and address, such as a passport, ID Card or driver’s license, utility bills or bank statements (examples also include background information we receive about you from public records or from other entities not affiliated with us); furthermore, we may collect other identifiable information such as identification numbers and/or Passport/Tax registration numbers;

• any other information customarily used to identify you and about your trading experience which is relevant to us providing our services to you;

• trading performance, knowledge and experience, risk tolerance and risk profile;

• location data (IP address, device and network specifications);

• marketing and communication data (e.g., preferences, selections, marketing permissions and prohibitions);

• technical data/verification information, which includes information necessary to verify your identity such as a passport or driver’s license (examples also include background information we receive about you from public records or from other entities not affiliated with us); furthermore, we may collect other identifiable information such as identification numbers and/or Passport/Tax registration numbers;

• activity (e.g., login information, preferred language, activity journals, historical data about your trading activity and investments, etc.);

• behavior data/information and movement on the website (e.g., preference for certain types of products and services, session information, visits and actions taken on the website, and other information about your interactions with our website);

• any other personal information requested by us and/or provided from you or from third-parties as part of our provision of the Services to you.

Sensitive information or special categories of personal data is a sub-set of personal information that is given a higher level of protection under the Applicable Data Protection Laws. It refers to information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union or other professional associations or memberships, sexual orientation or practices or preferences, genetic or biometric data, criminal records, health information.

We do not currently collect sensitive information from you. However, if we do so, we will not collect sensitive information from you without first obtaining your consent.

Provided you consent, your sensitive information may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected. Sensitive information may also be used or disclosed if required or authorised by law.

We obtain this information in several ways such as through your use of our services or in the course of other business transactions between you and the Company. This includes collection of the data through any of our websites (i.e., by using cookies), mobile applications, the account opening applications, our demo account registration forms, webinar sign up forms, subscriptions to news’ updates as well as from ongoing customer service communications and our ongoing business relationship. We may also collect this information about you from third parties such as through publicly available sources, the Internet, social media platforms, introducing brokers and affiliates, banks and credit card processors, and subscription-based intelligence/screening databases.

We may ask for other personal information voluntarily from time to time (for example, through market research or surveys or offers). If you choose not to provide the information that we need to fulfil your request for a specific product or service, we may not be able to provide you with the requested product or service.

We record any communications whether electronic, by telephone, in person, or otherwise, that we have with you in relation to the services we provide to you and our business relationship with you. We also record the communication that takes place between you and the Company in relation to the transactions made with you and the provision of services relating to the acceptance, transmission and execution of your orders. These recordings will be our sole property and will constitute evidence of the communications between us. Such telephone conversations may be recorded without the use of a warning tone or any other further notice.

Further, if you visit any of our offices or premises, we may have CCTV which will record your image.

Unsolicited Personal Information

In the event we receive personal information about an individual which is unsolicited by us and not required for the provision of our services, we will securely destroy/delete the information (provided it is lawful and reasonable for us to do so).

We may process your personal data on one of the following legal bases:

a) Performance of contractual obligations

We process your personal data to provide our services and products to you and fulfill our obligations arising from our contractual relationship with you. This includes the purpose of implementing and completing our client on-boarding/acceptance procedures and effectively managing your trading account(s) during the course of our business relationship.

b) Compliance with legal and regulatory obligations

There are several legal and regulatory obligations emanating from the relevant laws to which we are subject as well as statutory requirements (e.g., the anti-money laundering laws, financial services laws, corporation laws, privacy laws and tax laws) that we need to be compliant with at all times. There are also various supervisory authorities whose laws and regulations apply to the Company and we must adhere to these as well. Such obligations and requirements impose on us necessary personal data processing activities (e.g., collection, retention, etc.) which relate, among other, to credit checks, identity verification, payment processing, compliance with court orders, tax law or other reporting obligations and anti-money laundering and due diligence requirements.

These obligations are applicable throughout the duration of our business relationship with you, including client onboarding/acceptance, payments and systemic checks for risk management.

c) Safeguarding our legitimate interests

We may process your personal information in order to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. Despite that, it must not unfairly go against what is right and best for you. Examples of processing activities for which legitimate interest may be used as our legal basis include the following:

• initiating legal claims and preparing our defense in litigation procedures;

• fraud/crime detection and prevention purposes (e.g., ML/CTF detection and prevention, KYC/CDD purposes, credit checks and risk assessment purposes, PEP status identification purposes, insurance purposes);

• following industry watch-lists (e.g., FATF, etc.);

• information, system, network and cyber security (e.g., monitoring, detecting and protecting the Company, its systems, network, infrastructure, website(s), computers, confidential information, Intellectual Property and other rights, etc.)

• CCTV systems (e.g., at our premises for security reasons);

• general corporate operations and business management (e.g., administrative operations, planning strategies for business growth, internal business reporting, business intelligence operations, managing third-party relationships, processing identifiable data for the sole purpose of anonymizing/de-identifying/reidentifying it for the purposes of using the anonymized data for other purposes such as product/services improvement, analytics, etc.);

• sharing your personal data with other entities of the Trading Point Group who provide support and administrative services to the Company;

• Product development and enhancement (e.g., to improve performance of the app, troubleshoot bugs, and for other internal product needs, analysis of log files for product use and performance, monitor use and conduct analytics on our website or app use, pages and links clicked, patterns of navigation, time at a page, devices used, location of users, etc.);

• ensuring effective risk management;

• managing queries and complaints;

• communications, marketing and intelligence (e.g., to inform you about our services and products in connection to your trading account(s), to market the same or similar or related products and services, create aggregate reports, ad performance and conversion, etc.).

Where our processing of your personal information does not fall under one of the above three lawful bases, we require your consent. Such consent shall be freely given by you and you have the right to withdraw your consent at any time by contacting us using the contact details set out in this Policy or by unsubscribing from our email lists. Any processing of personal data prior to the receipt of your consent withdrawal will not be affected.

We may use personal information provided by you through our Website, or Online Trading Facility or otherwise, and personal information provided during our business relationship to communicate with you for marketing or promotional purposes as well as to provide you with market news and analytical reports. The channels used for such communications may include telephone, emails, notifications through your secure Members Area and text messaging notifications, including push notifications and in-app notifications.

You have the right to opt out by sending an email to our data protection team at dpo@xmglobal.com from the email address you used to register your trading account with us

Processing of your personal information based on the above lawful bases may take place for the following purposes:

1. To assess the appropriateness of our services/products for the Clients.

2. To provide you with products and services, or information about our products and services, and to review your ongoing needs.

Once you successfully open a trading account with us, or subscribe to an update or webinar, we will need to use your personal information to perform our services and comply with our obligations to you. It is also in our legitimate interests to ensure that we are providing the best products and services so we may periodically review your needs to ensure that you are getting the benefit of the best possible products and services from us.

3. To help us improve our products and services, including customer services, and develop and market new products and services.

We may from time to time use personal information provided by you through your use of the services and/or through client surveys to help us improve our products and services. It is in our legitimate interests to use your personal information in this way to ensure the highest standards when providing you with our products and services and to continue to be a market leader in the financial services industry.

We track visitor activity and behavior at our website every time you access the website and the resulting data allows us to provide more effective user support if you need any help or advice using our website. We note that this information cannot be used to identify you.

4. To form a profile about you

We may from time to time use personal information about you to form profiles about you so that we can understand your needs and provide the best possible products and services to you.

5. To investigate or settle enquiries or disputes.

We may need to use personal information collected from you to investigate issues and/or settle disputes with you as it is in our legitimate interests to ensure that issues and/or disputes get investigated and resolved in a timely and efficient manner and in accordance with our regulatory obligations.

6. To comply with applicable laws, court orders, other judicial process, or the requirements of any applicable regulatory authorities.

We may need to use your personal information to comply with any applicable laws and regulations, court orders or other judicial process, or the requirements of any applicable regulatory authority. We do this not only to comply with our legal obligations but because it may also be in our legitimate interest to do so.

7. To send you surveys.

From time to time, we may send you surveys as part of our customer feedback process, either directly or through a third-party service provider. It is in our legitimate interest to ask for such feedback to try to ensure that we provide our services and products at the highest standards. However, we may, from time to time, also ask you to participate in other surveys and if you agree to participate in other surveys we rely on your consent to use the personal information we collect as part of such survey. All responses to any survey we send out whether for customer feedback or otherwise will be aggregated and de-personalized before survey results are shared with any third parties.

8. Data analysis

Our website pages and e-mails may contain web beacons or pixel tags or any other similar type of data analysis tools that allow us to track receipt of correspondence and to count the number of users that have visited our webpage or opened our correspondence. Why may aggregate your personal information (such as trading history) with the personal information of our other clients on an anonymous basis (that is, with your personal identifiers removed) so that more rigorous statistical analysis of general patterns may lead to us providing better products and services.

If your personal information is completely anonymized, we do not require a legal basis as the information will no longer constitute personal information. If your personal information is not in an anonymized form, it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market.

9. Marketing Purposes

We may process your personal information to send you marketing communications by email or phone or other agreed forms (including social media campaigns) to ensure that you are always kept up to date with our latest products and services. If we send you marketing communications, we will either do so based on your consent or if it is in our legitimate interest.

We will not disclose your information to any third-parties for the purpose of allowing them to directly market to you.

10. Internal business purposes and record keeping

We may need to process your personal information for internal business and research purposes as well as for record-keeping purposes. Such processing is in our own legitimate interests and is required in order to comply with our legal and regulatory obligations. This may include any communications that we have with you in relation to the services and products we provide to you and our relationship with you. We will also keep records to ensure that you comply with your contractual obligations pursuant to the agreement governing our relationship with you.

11. Legal Notifications

Often the law requires us to advise you of certain changes to products or services or laws. We may need to inform you of changes to the terms or the features of our products or services. We need to process your personal information to send you these legal notifications. You will continue to receive this information from us even if you choose not to receive direct marketing information from us.

12. Corporate restructuring

If we undergo a corporate re-structuring or part, or if all of our business is acquired by a third party, we may need to use your personal information in association with that re-structuring or acquisition. Such use may involve sharing your information as part of due diligence enquiries or disclosures pursuant to legal agreements. It is our legitimate interest to use your information in this way, provided we comply with any legal/regulatory obligation we have towards you.

13. Physical Security

If you enter any of our premises, we may record your image on our CCTV for security reasons. We may also take your details to keep a record of who has entered our premises on any given day. It is in our legitimate interest to do this to maintain a safe and secure working environment.

The Company shall not disclose any of its clients’ confidential/personal information to a third party, except as provided herein below. As part of processing your personal information for the purposes set out above, the Company may disclose your personal information to:

• other entities of the Trading Point Group who provide financial services and/or administrative and support services to the Company;

• our service providers and specialist advisers who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, research or other services;

• companies providing services in the areas of fraud and crime prevention;

• credit providers, credit reporting or reference agencies, courts, tribunals and regulatory authorities as agreed or authorized by law;

• business introducers/affiliates with whom we have a mutual business relationship;

• companies providing services in the areas of IT, support, marketing, external and internal audit, cloud storage;

• third-party apps’ providers when you use our mobile app(s), communication systems and trading platforms which are provided to us by third-parties;

• payment service providers (PSPs) and/or banking institutions for the purposes of processing your transactions (i.e., deposits/withdrawals) to/from trading account(s) and/or commencing an investigation regarding such transactions (e.g., third party deposits);

• government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests;

• third-parties to whom we may choose to sell, transfer or merge parts of our business or our assets or of other Trading Point Group entities; additionally, we may seek to acquire other businesses or merge with them;

• any third-party where such disclosure is required in order to enforce or apply our Terms and Conditions of Business (Customer Agreement) or other relevant agreements;

• anyone authorized by you.

If the Company discloses your personal information to business parties, such as card processing companies or banks, in order to perform the services requested by you, such third parties may store your information in order to comply with their legal and other obligations.

We endeavor to disclose to these third-parties only the minimum personal data that is required to perform their contractual obligations to us and on a need-to-know basis. Our third-party service providers are not permitted to share or use personal data we make available to them for any other purpose than to provide services to us.

Generally, we require that organizations outside the Trading Point Group who handle or obtain personal information to acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with all relevant data protection laws and this Privacy Policy. Please note that the use of your personal information by external third parties who act as data controllers of your personal information is not covered by this Privacy Policy and is not subject to our privacy standards and procedures. We encourage you to check with each third-party as to their privacy practices and procedures.

Please note that the use of your personal information by external third parties who act as data controllers of your personal information is not covered by this Privacy Policy and is not subject to our privacy standards and procedures. We encourage you to check with each third-party as to their privacy practices and procedures.

The Company implements and maintains appropriate technical and organizational measures to ensure the safeguarding and protection of any personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed by us.

The Company also ensures that any processing activity to such personal data is in accordance with the applicable data protection laws and regulations. We regularly train all of our employees and raise awareness regarding the importance of maintaining, safeguarding and respecting your personal information and privacy. We take breaches of individuals’ privacy very seriously and will impose appropriate disciplinary measures, including dismissal where necessary.

The personal information you provide to us when registering as our Client and as a user of the Company’s Website(s) / Online Trading Facility, is classified as registered information which is protected in several different ways. You can access your registered information after logging in to your Members Area by entering your credentials (username and password). It is your responsibility to make sure that your password is only known to you and not disclosed to anyone else. Registered information is securely stored in a safe location and only authorized personnel have access to it via secure access control. All personal information is transferred to the Company over a secure encrypted connection and thus all necessary measures are taken to prevent unauthorized parties from viewing any such information. Personal information provided to the Company that does not classify as registered information is also kept in a safe place and is accessible by authorized personnel only.

Other measures we have in place include, but are not limited to:

• requiring our employees to use passwords and two-factor authentication when accessing the Company’s systems;

• applying Chinese walls and employees only have access to the personal data required for the purposes of their job duties and respective tasks they handle.

• employing firewalls, intrusion detection systems and virus scanning tools;

• using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;

• implementing a clean desk policy in all premises occupied by us and/or associated companies and providing secure storage for physical records; and

• employing physical and electronic means such as access cards, cameras and security guards to protect against unauthorized physical access.

Safeguarding the privacy of your information is of utmost importance to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium. We are required to hold your personal data for as long as we have a business relationship with you, in a combination of secure computer storage facilities and paper-based files and other records and we take the necessary measures to protect this information from misuse, loss, unauthorized access, modification or disclosure. When we consider that personal information is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records.

However, we may need to maintain records for a significant period of time. For example, we are subject to investment services laws as well as anti-money laundering laws which require us to retain the following, for a period of seven (7) years after our business relationship with you has ended:

Also, the personal information we hold in the form of a recorded communication, by telephone, electronically or otherwise, will be held for longer if we have legitimate interests to do so (e.g., technical or security reasons, etc.), or if required by relevant legal or regulatory obligations (such as handling a dispute with you; is requested by a regulatory authority; etc.).

If you have opted out of receiving marketing communications, we will hold your details on our suppression list so that we know you do not want to receive these communications.

We may transfer, or store, your personal information inside or outside Mauritius and/or the European Economic Area. We may also transfer the data to other Trading Point Group companies or other service providers (i.e., Processors) who have been contracted by us. Such staff may be, among others, engaged in the fulfilment of your requests, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing and processing. The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

To the extent we transfer your information outside Mauritius or the EEA, we will ensure that the transfer is lawful and that Processors in third countries are obligated to comply with the applicable Data Protection Laws or other countries’ laws which are comparable and to provide appropriate safeguards of an adequate level in relation to the transfer of your data, in accordance with the applicable Data Protection Laws. If we make transfers to Processors in the USA or any other country outside Mauritius or the EEA for which an adequacy decision has not been issued by the European Commission (EC), we may in some cases rely on applicable standard contractual clauses, binding corporate rules, or any other equivalent applicable safeguarding arrangements.

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data;

• In the absence of an adequate level of protection, we will transfer your personal data provided one of the legal safeguards is in place and if they provide adequate level of protection to personal data, so we have put in place appropriate data transfer mechanisms to ensure personal data is protected;

If we make transfers to processors in the USA or any other country outside the EEA for which an adequacy decision has not been issued by the European Commission (EC), we may in some cases rely on applicable standard contractual clauses, binding corporate rules, or any other equivalent applicable safeguarding arrangements.

If you instruct us to cease using or processing your personal data, the Company has the right to terminate any existing services to you immediately (or within a reasonable time, as determined by the Company).

Internet cookies are small pieces of data sent from our website(s) to your browser and stored on your computer’s hard drive when using our website(s), and they may include a unique identification number. The purpose of collecting this information is to provide you with a more relevant and effective experience on our website(s), including the presentation of our web pages according to your needs or preferences.

Cookies are frequently used on many websites on the internet, and you can choose if and how a cookie will be accepted by changing your preferences and options in your browser. You may not be able to access some parts of our website(s) if you choose to disable the cookie acceptance in your browser, particularly in the Company’s Members Area and other secure parts of our website(s). We therefore recommend you to enable cookie acceptance in order to benefit from all our online services.

Furthermore, we use cookies for re-marketing features in order to allow us to reach out to users who have previously visited our website(s) and have shown an interest in our products and services. Periodically, we may use third party vendors, such as Google and AdRoll, to display our ads over the internet to you, based on your previous use of our website(s). You can opt out this particular use of cookies at any time by visiting Google’s Ads Settings page and the DoubleClick opt-out page or as they later update those facilities.

The Company uses session ID cookies and persistent cookies. A session ID cookie expires after a set amount of time or when the browser window is closed. A persistent cookie remains on your hard drive for an extended time period. You can remove persistent cookies by following directions provided in your web browser's ‘Help’ file.

For further details about our cookie policy and how our cookies work, read our Cookies Policy here.

The rights that might be available to you in relation to the personal information we hold about you are set out below. You may exercise these rights by sending us an email at dpo@xmglobal.com. Please note that these rights do not apply in all circumstances.

Information and Access

If you ask us, we will confirm whether we are processing your personal information and, if so, what information we process and, if requested, provide you with a copy of that personal information (along with certain other details) within thirty (30) days from the date of your request. If you require additional copies, we may need to charge a reasonable administration fee.

Rectification

It is important to us that your personal information is up to date. We will take all reasonable steps to make sure that your personal information remains accurate, complete and up-to-date. If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your personal information to others, we will let them know about the rectification where possible. If you ask us, if possible and lawful to do so, we will also inform you who we have shared your personal information with so that you can contact them directly.

You may inform us at any time that your personal details have changed by sending us an e-mail at support@xmglobal.com. The Company will change your personal information in accordance with your instructions. To proceed with such requests, in some cases we may need supporting documents from you as proof, i.e. personal information that we are required to keep for regulatory or legal purposes such as proof of address documentation.

Erasure

You can ask us to delete or remove your personal information. Note, however, that we may not always be able to fulfill your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request (e.g., if we have a legal or regulatory obligation to retain the data).

In other words, an erasure request is subject to any retention requirements we must comply with in accordance with applicable laws and regulations and subject to section 'Storage of Your Personal Information and Retention Period'. If we have disclosed your personal information to others, we will let them know about the erasure request where possible.

Processing restrictions

You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as if you contest the accuracy of that personal information or object to us processing it. However, we will continue to retain your personal information where necessary in order to comply with our legal and regulatory obligations. We will inform you before we decide not to agree with any requested restriction. If we have disclosed your personal information to others, we will inform about the restriction request if possible.

Data Portability

You have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used and machine-readable format) and to re-use it elsewhere or ask us to transfer this to a third-party of your choice. Note that this right only applies to automated information (i.e., not to hard copies) which you initially provided consent for us to use or where we used the information to perform a contract with you.

Objection

You can ask us to stop processing your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;

Consent Withdrawal

You have the right to withdraw your consent at any time where we are relying on consent as our legal basis to process your personal information. You may do so by sending your request at dpo@xmglobal.com using your registered email address.

Further, should you wish to exercise any of your other rights, you can also send your request at dpo@xmglobal.com using your registered email address. We will respond to all requests within 1 (one) month. Occasionally, it may take us longer than 1 (one) month if your request is particularly complex or you have made several requests. In this case, we will notify you accordingly that more time is needed within this 1 (one) month period and we will keep you updated.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We may charge you a reasonable fee when a request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. In this case we will send you a fee request which you will have to accept prior to us processing your request. Alternatively, we may refuse to comply with your request in these circumstances.

To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Automated decision-making and profiling

If we have made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to use the services or has another significant effect on you, you can request not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even where a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention.

Data Protection Office
Level 5 SICOM Tower,
Wall Street, Ebene.

Please consult the Data Protection Office website for further information at: https://dataprotection.govmu.org/

The Company shall not be liable for misuse or loss of personal information or otherwise on the Company’s Website(s) that the Company does not have access to or control over. The Company will not be liable for unlawful or unauthorized use of your personal information due to misuse or misplacement of your passwords, negligent or malicious intervention and/or otherwise by you or due to your acts or omissions or a person authorized by you (whether that authorization is permitted by the terms of our legal relationship with you or not).

Our Policy is reviewed from time to time to take into account new laws and technologies, changes to our operations and practices, and to ensure that it remains appropriate to the changing environment.

If we decide to change our Policy, we will post those changes to this Policy and other places we deem appropriate so that you are made aware of such changes.

For any questions, queries, concerns or complaints about any aspect of our privacy practices you can contact us via email at dpo@xmglobal.com

If your complaint or concern is not resolved, you can contact the Office of the Data Protection Commissioner at the address below: