X Bank’s Privacy policy

In this Privacy Statement, the terms “Controller”, “Data Subject”, “Personal Data”, “Processor”, and “Process/Processing” shall have the meanings assigned to them by the EU General Data Protection Regulation (Regulation (EU) 2016/679) (referred to as “GDPR”).

This Privacy Statement outlines how X Bank, as the data Controller, Processes your Personal Data in relation to the data Processing activities detailed herein. We encourage you to thoroughly review this Privacy Statement to gain a clear understanding of our data Processing practices.

X Bank gathers information about individuals, including Personal Data, through its websites (such as when you submit your data via our online forms or use xbankintl.com as a registered user), during interactions with us (such as phone calls, emails, mail correspondence, or use of our applications), or through our customers, vendors, and partners.

X Bank Processes Personal Data in accordance with the GDPR and other relevant data protection laws (collectively referred to as “Data Protection Laws”). This Privacy Statement may be supplemented by additional privacy statements specific to the visited website.

This Privacy Statement applies primarily to institutional clients, their representatives (including directors, officers, shareholders, and ultimate beneficial owners), business partners, vendors, and users of X Bank’s websites. X Bank does not provide services to retail customers.

X Bank may Process various types of Personal Data collected from the following sources:

1. Information Directly Collected from Data Subjects: Data Subjects may submit their Personal Data online, register for events, or use paper forms. They may also provide Personal Data when contacting X Bank through other means. The Personal Data collected includes, depending on the communication channel, website, activity, or form used: IP address, identification and contact information (such as name, job title, company name, industry, phone number, email, or postal address), login details, browsing activity, history of interactions with X Bank (such as event attendance, photographs, downloads, connection logs), communication content, dates and times, attachments, marketing preferences, and any other information directly provided by the Data Subjects.
2. Information Collected through Customer, Vendor, and Partner Relationships: X Bank may receive professional contact details of employees and other individuals associated with X Bank’s customers, partners, and vendors. This includes names, email addresses, phone numbers, titles, departments, and other information relevant to the business relationship. Customers, vendors, and partners submitting Personal Data of a Data Subject to X Bank must ensure compliance with all applicable laws and regulations, provide notice to the Data Subject about the X Bank Purposes, and obtain appropriate consent where required.
3. Information Collected Automatically: X Bank may automatically collect information about a Data Subject’s use of X Bank websites, products, and services through logs, cookies, web beacons, and similar technologies. Data Subjects are informed of such Processing through this Privacy Policy available on the X Bank website.

X Bank Processes Personal Data for the following purposes (collectively referred to as “X Bank Purposes”):

1. Customer Management:
• Providing X Bank services and products.
• Managing X Bank governance.
• Handling contacts and relationships with our customers and prospects.
• Organizing and managing X Bank advisory and working groups.
• Managing the admission and ongoing relationships of X Bank customers or shareholders.

2. Third Party Management:
• Managing vendors and partners.
• Conducting accounting, record-keeping, security, fraud detection, claim management, and audits.

3. Website Operations:
• Managing IP addresses, cookies, web acceleration, data security, and anonymizing data for reporting and statistics, as well as for customer retention.
• Enhancing and maintaining our websites and infrastructure.
• Exercising X Bank’s obligations, rights, and remedies as outlined in this Privacy Policy and the Terms of Use related to specific websites (e.g., xbankintl.com terms of use).

More details about the collection, use, and Processing of your Personal Data for these specific purposes are provided in the following sections. Where applicable, we indicate whether, and why, you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide your data when requested, and if that data is necessary to provide you with X Bank services and products or if we are legally required to collect it, you may not be able to fully benefit from our services.

X Bank may Process Personal Data of employees or representatives of our customers (including prospects) for various purposes including the development, subscription, deployment, provision, support, evaluation, and invoicing of X Bank services and products. This includes services and products offered to X Bank partners or service bureaus, and online services and products via its websites.

Typically, X Bank needs to Process Personal Data for the admission of a customer or shareholder, including due diligence purposes and the ongoing management of such customer or shareholder relationships.

Additionally, X Bank may request specific Personal Data to register and manage customers’ security officers, who handle security matters for X Bank users, as required to use X Bank products and services.

Legal Grounds for Processing:

• Contractual Necessity: Processing Personal Data to provide X Bank services and products you have subscribed to, or to enable participation in a working group.
• Legitimate Interest: Processing Personal Data to operate quality services and products, establish and maintain good and ethical relationships with customers and shareholders, ensure proper implementation of contracts, and maintain good internal governance.

As a regulated financial institution (or institution in the process of obtaining regulatory authorization), X Bank Processes Personal Data for the purposes of customer due diligence (CDD), enhanced due diligence (EDD), sanctions screening, politically exposed person (PEP) identification, transaction monitoring, fraud prevention, and compliance with applicable AML/CFT and sanctions regulations. Such Processing may be required by law and does not rely on consent.

X Bank Processes Personal Data (primarily professional contact details of contacts at vendors and partners) to manage and maintain commercial relationships, including due diligence, contract management, and invoicing.

Additionally, X Bank Processes Personal Data for broader purposes such as accounting, record-keeping, customer information management, security investigations, fraud detection, claim management, and audits.

Legal Grounds for Processing:

• Legal Obligation: Processing Personal Data to comply with legal obligations, such as those related to fraud prevention, accounting, or tax requirements.
• Legitimate Interest: Processing Personal Data to ensure the safety, security, and performance of its business, and to maintain good and ethical relationships with vendors and partners.

We use Google reCAPTCHA on our website to enhance security by preventing spam and abuse. reCAPTCHA is a service provided by Google Inc. ("Google").

Data Collection by reCAPTCHA: reCAPTCHA collects personal data from users to determine whether they are human and not automated bots. This data includes:

• IP address
• information about the user's browser and operating system
• mouse movements and keyboard strokes
• date and time of access
• cookie data

Purpose of Data Collection: The data collected through reCAPTCHA is used for the following purposes:

• to protect our website from spam and abuse
• to improve the security of our website
• to ensure the proper functioning of our website

Data Sharing with Google: The data collected through reCAPTCHA is shared with Google. Google's use of the data is governed by its own privacy policy, which you can review here: Google Privacy Policy

How We Use Your Information: We use the information we collect in the following ways:

• to protect the security and integrity of our website
• to prevent fraudulent activity
• to comply with legal obligations
• to analyze and improve our website

X Bank has a legitimate interest in Processing your Personal Data for the operation of its websites and infrastructure, as detailed below:

IP Addresses: For internal purposes, X Bank may use IP addresses (the Internet address of your computer) stored in web logs to generate aggregate statistics on website usage, such as volume, traffic patterns, and time spent on pages.

Cookies: Our websites use cookies, which are small pieces of information stored by your browser on your computer's hard drive or in your browser memory. Information stored in cookies may include your name, registration number on https://xbankintl.com/, language preference, navigation settings, login ID, and IP addresses. Where required under applicable Data Protection Laws, X Bank will seek your consent to use cookies and similar technologies. For detailed information on the use and purposes of cookies, please refer to the related Cookie Policy.

Search Relevance: X Bank websites and applications use user tracking and usage analytics (profile and actions performed, such as keywords searched and results selected) to enhance the relevance of web content for users. We use a third-party supplier to achieve this, aiming to improve the end-user web experience. This supplier Processes data strictly according to our instructions for search optimization and provides sufficient guarantees regarding technical and organizational data security measures. The supplier also commits to notifying us in the event of a security breach compromising your Personal Data (see also the 'Sharing Data' section below).

Hyperlinks to Other Websites: Our websites may contain links to other websites not owned or operated by X Bank. X Bank is not responsible for the privacy practices of these external websites.

Data Anonymization for Reporting and Statistics: X Bank has a legitimate interest in producing reports and statistics about the usage of its websites (e.g., number of visitors per day, geographical reach). These reports will be fully anonymized to ensure privacy.

We are committed to protecting your Personal Data against accidental or unlawful destruction, accidental loss, alteration, and unauthorized disclosure or access. To ensure this, we monitor and record data exchanges (IP address, timestamp, volumes), both incoming and outgoing, to maintain the security, integrity, and availability of our infrastructure and information/data. In case of suspicious activity, X Bank may collect data (including Personal Data) from various sources (e.g., public sources, threat intelligence providers) to initiate and manage its own investigation.

Any Personal Data collected during this process may be disclosed to competent authorities where required or permitted by law.

Please note that we cannot guarantee the security of your data on your computer or during transmission over the Internet. We advise you to take all necessary precautions to protect Personal Data stored on your computer and while it is transmitted over the Internet.

As a general rule, X Bank ensures that your Personal Data is only accessible or shared on a need-to-know basis with authorized individuals who have a legitimate business need to Process this data.

For example, X Bank may share your Personal Data (such as your identification and contact details, as well as your function and role profile) with people within your own organization, on a need-to-know basis, when this sharing is required for the administration of the X Bank membership or for fulfilling the contract between X Bank and your organization.

In the event of a security investigation, X Bank only discloses Personal Data to customers impacted by the security incident.

Additionally, X Bank may disclose Personal Data to third parties under exceptional circumstances when:

• Disclosure is required by law or regulation;
• Non-disclosure would expose X Bank or its staff to civil or criminal liability;
• Disclosure is necessary to cooperate with competent authorities;
• Disclosure is necessary for individuals involved in further investigations or subsequent judicial proceedings initiated as a result of an inquiry by X Bank (e.g., external counsel) or at a customer’s request.

Before sharing your Personal Data, we require third parties acting as Data Processors to process your Personal Data only according to our instructions and to provide sufficient guarantees regarding the technical and organizational security measures protecting the data processing activities.

Personal Data may be transferred to, stored, or processed in jurisdictions outside the European Economic Area, including jurisdictions where X Bank, its affiliates, regulators, or service providers are located. Where required, X Bank implements appropriate safeguards in accordance with Data Protection Laws, including standard contractual clauses or equivalent mechanisms.