Privacy Policy
Amwali Middle East respects your privacy and is committed to protecting your personal information or, in other words, your “personal data”. In this regard, Amwali Middle East has launched and offers a service that provides our clients (subject to prior account registration) with access to certain virtual financial assets on an online trading platform (“Platform”) accessible through the website www.exbita.com (accessible via the web) or any application programming interface (API) provided by Amwali Middle East in connection with our mobile applications or the Site. The Platform automatically matches trades with open orders of other investors. In addition to the matching and trading services offered through the Platform, the Platform also offers digital wallet services to registered account users, allowing them to store virtual financial assets traded on the Platform.
This Privacy Policy describes how information about you is collected, used and disclosed by Amwali Middle East and when you:
Visit and use the Site and/or Platform (regardless of where you are visiting or using it from);apply for and open an account in respect of our Platform (your "Account"); oathApply for, receive or use any of the related services we offer in connection with the Platform, including our virtual financial asset exchange and digital wallet services ("Services").This includes any data you may provide for our newsletters, updates, events and other marketing and promotional communications.
This Privacy Policy also explains (i) how we will handle and protect your personal data, (ii) our obligations regarding the responsible and secure processing of your personal data, (iii) your data protection rights as a data subject, and (iv) how the law protects you. It should be read together with our IP Address and Cookies Policy available at https://exbita.zendesk.com.
KEY DEFINITIONSSet out below are basic definitions of certain data protection terms appearing in this Privacy Policy.
Consent formmeans the separate documents we may provide to you from time to time when we ask for your express consent for any processing other than those set out in this Privacy Policy.
Data subjectsmeans living individuals (i.e. natural persons) about whom we collect and process personal data.
Data controlor "controller" means any body or person who determines the purposes and manner of processing of any personal data.
Data processoror "processor" means any entity or individual who processes data on our behalf and according to our instructions (we being the data controller).
Personal datameans data relating to a living individual (i.e. natural person) who can be identified from the data (information) we have or possess. This includes your first and last name (including maiden name if applicable), address, date of birth, nationality, gender, marital status, tax status, identity card number and passport number, contact details (mobile and home telephone number and personal email address), photographic image, bank account details, emergency contact details and online identifiers. The term "personal information" has the same meaning as personal data wherever and whenever used in this Privacy Policy.
Processingmeans any activity involving the use of personal data. It includes any operation or set of operations performed on data, including collecting, recording or retaining data, or organising, structuring, storing, adapting or altering data, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying data. Processing also includes the transfer of personal data to third parties.
Sensitive personal information"Sensitive data" or "special categories of personal data" include information about a person's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, genetics and genetic-related aspects, physical or mental health or condition, or sexual life. or about the commission or prosecution of any offence committed or alleged to have been committed by that person, the termination of such proceedings or any conviction or sentence by any court in such proceedings. Such sensitive data may only be processed under the strict conditions set out in Articles 9 and 10 of the GDPR.
Note that personal data does not include information relating to a legal person (for example, a company or other legal entity). In that regard, information such as a company name, its company number, registered address and VAT number does not amount to personal data in terms of both the Act and the GDPR. Therefore, the collection and use of information strictly pertaining to a legal person does not give rise to data controller obligations at law. Naturally, we will still treat any and all such information in a confidential and secure manner.
PERSONAL DATA WE COLLECT ABOUT YOUPersonal data or personal information means any information about an individual from which that individual can be identified (as defined above). It does not include data where the identity has been removed and cannot be associated with an identified or identifiable individual (anonymous data). During your relationship with us (including at the account opening stage), we may collect, use, store and transfer different types of personal data about you, which we group together.
We collect information that you provide to us directly. For example, when you create an account, participate in any interactive feature of the Services, fill out a form, participate in a community or forum discussion, complete an exchange transaction, apply for a job on Amwali Middle East, request customer support, or otherwise contact us. The types of information we may collect include your name, date of birth, email address, mailing address, telephone number, certain virtual financial asset information, as well as other information you choose to provide. Only personal information that is necessary to operate and perform our duties and services or that is voluntarily provided by you is collected.
For the avoidance of doubt, the categories marked in blue apply to customers (i.e. those who have a registered customer account with us). We will request this information in order to register you on our Platform.
Identity Dataincludes your first name, maiden name (if applicable), last name, address, username or similar identifier, marital status, title, nationality, date of birth, gender, photograph, identity card and/or passport number. This will form part of your account information on the Platform.
Contact Dataincludes your billing address, email address and contact number (telephone and/or mobile phone).
Financial Dataincludes your bank account and payment details.
AML / KYC Dataincludes the following due diligence/KYC information and documents about you: (i) a photocopy of a valid ID. card or passport, (ii) proof of residence (e.g. identity confirmation), (iii) KYC database checks, (iv) fraud database checks and (v) any other documents or information we may from time to time:
Marketing and Communication Dataincludes your preferences in receiving marketing from us and our third parties and your communication preferences.
The personal data categories marked in green below apply to customers who start transactions through the Platform and otherwise use our Services and thus have a registered account with us in addition to the data categories marked in blue above.
In accordance with the relevant legal obligations, AML/KYC Data will be stored for a period of ten years from the termination of the customer relationship. The purpose of storage is based on ensuring the functionality of the system, the execution of transactions on the Platform, and compliance with legal obligations regarding KYC/AML/due diligence tasks.
Transaction dataContains details about:
Portfolio DataIt contains details regarding virtual financial assets and amounts deposited into your Account and your Account balances.
Advanced KYC DataIt applies to situations mandated by our AML-KYC Policy and includes, among other scenarios, situations where a higher risk of money laundering and terrorist financing is identified.
The purpose of storage is to ensure the functionality of the system, to ensure the execution of transactions on the Platform, to comply with legal obligations regarding KYC/AML/due diligence tasks and to preserve system integrity.
HOW IS YOUR PERSONAL DATA COLLECTED?
1. Account Registration and Opening.When you apply to register and open an account on our platform (including during the account finalization phase), we will ask you to provide us with your Identity, Contact, Financial and AML/KYC Data. When you complete and submit our application form (along with other relevant forms) and complete our required application steps, you provide us with such personal information and information, which we collect and process.
2. Use of the Service.This encompasses all of the data categories listed in Section 3 (namely, Identity, Contact, Financial, AML and KYC Data, Marketing and Communication Data; Enhanced KYC Data, Portfolio Data, and Transaction Data)
3. Direct Interactions.You may also provide us with your Identity, Contact, Financial, AML/KYC Data, Marketing and Communication Data and Transaction Data by completing our other forms (i.e. separate from our account opening and registration form) or by corresponding with us by post, phone, email or otherwise. This includes, where applicable, personal data you provide:
apply to open an account;update or edit your account details;Subscribe to our platform;Request a withdrawal of funds from your account;Contact us for complaints or questions;report issues;submit any (additional or supplementary) AML/KYC Data we may request from you;request marketing to be sent to you;participate in a survey; orprovide us with feedback.Automated Technologies or Interactions.When you interact with the Platform and the Site, we may automatically collect Technical Data about your equipment, browsing actions and patterns (please see the "Technical/Log Data" bullet point for related information collected and processed). We collect this personal data using cookies, server logs and other similar technologies.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that choosing to remove or reject cookies may impact the availability and functionality of our Services.
privacy_page.section_four_body_4_body_3
HOW DO WE USE YOUR PERSONAL DATA?We will only use your personal data when permitted by Liechtenstein law. Most commonly, we will use your personal data in the following situations:
External Where it is necessary for our legitimate interests (or the interests of a third party) and your interests and fundamental rights do not override those interests. Third parties.
When we need to comply with a legal or regulatory obligation.
DISCLOSURES OF YOUR PERSONAL DATAWe may need to share your personal data with the parties listed below for the purposes stated above.
External third parties.Suppliers and external agencies we engage to process information on our and/or your behalf, including providing you with information and/or materials that you request.Our affiliates, partners and agents, when necessary to facilitate your relationship with us.Professional advisers such as consultants, bankers, professional indemnity underwriters, brokers and auditors.Other organisations with whom information is exchanged for the purposes of fraud protection or credit risk reduction.Debt collection agencies that assist us in collecting debts owed to us.Third parties to whom we may choose to sell, transfer or merge parts of our business or assets (successors in title). Alternatively, we may seek to acquire or merge with other businesses. If there is a change to our business, the new owners may use your personal data in the same way and for the same purposes as set out in this Policy.We require all third parties to respect the security of your personal data and to process it in accordance with the law (including applicable data protection and privacy law). We do not permit our third-party business partners or service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions. Furthermore, these third parties access and process your data on a strictly confidential basis and subject to appropriate security measures and safeguards.