Privacy Policy

Overview

This Privacy Policy describes the practices of the PayX platform ("Platform", "we", "us", "our") regarding the collection, handling, storage, and disclosure of information obtained from individuals who access our website located at payxtrade.com (the "Site") for the purpose of delivering the services made available through the Site (collectively, the "Services").

This document aligns with the requirements set forth by the European Union General Data Protection Regulation (GDPR), the ePrivacy Directive, applicable national data protection statutes, and other relevant legislation governing the handling of personal information within the European Economic Area (EEA).

We are committed to maintaining the confidentiality of every user's Personal Data and handling it strictly in accordance with the law.

This Privacy Policy covers all interactions with PayX, whether through the Site, mobile applications, or direct communication channels such as email and messaging forms.

We encourage you to review this document thoroughly before proceeding.

Your use of the Site, our Services, or any product offered by PayX, as well as any direct contact with us, constitutes your agreement to the terms outlined herein. When you create an Account and confirm the associated checkbox, you expressly consent to every data practice described in this Privacy Policy and the accompanying User Agreement, including the processing, retention, and utilization of your Personal Data.

Should you find yourself unable to accept any provision of this Privacy Policy, please discontinue use of the Site, mobile applications, and Services, and refrain from creating an Account. This Privacy Policy forms an inseparable component of our User Agreement.

Understanding the GDPR

The General Data Protection Regulation (GDPR) is a comprehensive European legal framework governing data privacy and the protection of individuals' personal information. It mandates organizations to implement granular safeguards within their systems, enter into clear data processing agreements, and provide transparent disclosures to individuals regarding their data handling practices.

The GDPR applies to any fully or partially automated processing of Personal Data, as well as to non-automated processing where such data forms part of, or is intended to be included in, a structured filing system. In essence, the Regulation extends to every company, institution, or organization that handles Personal Data in any capacity.

Scope of Personal Data Under the GDPR

The GDPR establishes a broad framework governing how organizations may handle individuals' Personal Data. The concepts of "Personal Data" and "processing" are central to the legislation, and grasping their definitions reveals the true extent of the Regulation:

Personal Data encompasses any information that can be linked to a specific or identifiable natural person. This definition is intentionally expansive: it covers not only names and email addresses but also financial records, IP addresses, and any other data point that -- alone or when combined with other information -- could serve to identify an individual. Certain categories of Personal Data receive heightened protection due to their sensitive nature, including information relating to racial or ethnic background, political views, religious or philosophical convictions, trade union affiliation, genetic or biometric identifiers, health status, sexual orientation, and criminal history.

Processing refers to any operation performed on Personal Data, whether automated or manual. This includes but is not limited to collection, recording, organization, structuring, storage, modification, retrieval, consultation, usage, disclosure, dissemination, combination, restriction, deletion, and destruction. Effectively, any system that stores or accesses Personal Data engages in processing.

Extraterritorial Reach of the GDPR

The GDPR is not limited to organizations physically located within the European Union. Any entity operating globally may fall within its scope if: (i) it maintains an establishment in the EU; or (ii) it processes data of EU-based individuals in connection with offering goods or services to them, or monitoring their online behavior.

Collection and Purpose of Personal Data

We gather, retain, and utilize your Personal Data exclusively for the purposes defined within this Privacy Policy.

Below we outline the categories of Personal Data we may hold about you, along with the rationale behind each use.

Categories of Personal Data Collected

1. Registration data provided directly by users:

   • contact information such as full name, postal address, email, and telephone number(s);

   • identifying details including date of birth, gender, and residential address.

2. Know Your Customer (KYC) data obtained from you, authorized third parties, or publicly accessible sources:

   • government-issued identity documents (along with document numbers and expiry dates);

   • photographs submitted for verification;

   • documentation evidencing the origin of funds;

   • outcomes of KYC and Politically Exposed Person (PEP) screening, including data gathered by our verification partners;

   • any additional Personal Data supplied during compliance or verification procedures.

3. Account-related data:

   • authentication credentials;

   • account configuration and communication preferences.

4. Service usage data:

   • trade orders and instructions submitted to us;

   • transaction records including amounts, counterparties, timestamps, and linked payment instruments or external financial accounts;

   • device characteristics such as hardware type, operating system, display resolution, and unique identifiers;

   • network identifiers including IP addresses;

   • session timestamps and request logs;

   • content of communications with us across all channels (email, phone, chat, social media);

   • engagement metrics from our electronic communications, including link interactions and referral paths;

   • responses to surveys or feedback requests.

5. Data received from third-party sources to facilitate registration or service delivery:

   • payment-related information supplied by banks, payment processors, and financial service providers;

   • records from credit reporting and fraud prevention agencies.

6. Data collected through Site usage (regardless of registration status):

   • device and browser specifications;

   • hardware configuration details;

   • visit timestamps;

   • browsing behavior including pages visited, session duration, on-page interactions, exit methods, and search terms;

   • IP addresses.

7. Data pertaining to representatives of corporate clients and vendors:

   • names, professional roles, and business contact details;

   • supplementary information about such individuals;

   • Personal Data contained in business correspondence.

How We Utilize Your Personal Data

All categories of Personal Data are collected and processed to deliver our Services effectively, ensure correct system operation, verify user identities, and maintain platform security. Specific use cases include:

Registration data may be used to:

• evaluate and fulfill your registration request;

• complete the client onboarding process;

• deliver products and Services;

• administer your account and related Services;

• send account-related communications and inform you of relevant offerings;

• present tailored product recommendations.

KYC data may be used to:

• satisfy regulatory verification requirements;

• confirm user authenticity and detect fraud, money laundering, terrorist financing, and identity-related offenses.

Account data may be used to:

• manage your account;

• maintain service-related communications.

Service usage data may be used to:

• operate and administer our infrastructure;

• perform location and device consistency checks for fraud prevention;

• analyze usage patterns to enhance existing Services;

• adapt Services to user behavior and technical environments;

• resolve reported issues;

• review communications for quality assurance and staff development.

Third-party-sourced data may be used to:

• support system administration;

• strengthen fraud detection capabilities.

Browsing data collected through the Site may be used to:

• conceptualize and build new Services informed by observed user behavior and technical capabilities;

• identify and remediate security vulnerabilities or usability issues;

• track access patterns (geographic distribution, device types, peak hours, feature popularity, and referral sources) and segment usage across user cohorts;

• conduct statistical research aimed at deepening our understanding of the user base and service engagement.

Data about representatives of organizational clients and partners may be used to:

• deliver Services and products;

• cultivate business-to-business relationships;

• distribute relevant marketing materials;

• refine and innovate Services based on organizational feedback;

• procure services necessary for our operations.

Your Rights as a Data Subject

You are entitled to the following rights concerning your Personal Data:

Right to be informed -- you may request details about how your Personal Data is collected and used, including the identity of the data controller, purposes of processing, applicable retention periods, and categories of recipients.

Right of access -- you may obtain confirmation of whether your data is being processed, the nature and scope of such processing, and the parties with whom it has been or will be shared.

Right to rectification -- you may request correction of any inaccurate Personal Data we hold, as well as completion of any incomplete records.

Right to erasure -- you may ask us to delete your Personal Data where it is no longer required for the purposes for which it was collected and no other lawful basis for processing exists.

Right to restriction -- you may request that we limit the further processing of your data, in which case it may only be processed with your separate consent.

Right to portability -- you may receive your Personal Data in a structured, widely-used, machine-readable format and transmit it to another controller where technically practicable.

Right to object -- you may object at any time to the processing of your Personal Data on grounds specific to your situation, unless overriding legitimate grounds exist or the processing serves the establishment, exercise, or defense of legal claims.

Right to withdraw consent -- you may revoke your consent to data processing at any time and instruct us to cease accessing, storing, or otherwise handling your Personal Data.

Right to non-discrimination -- we will not treat you adversely for exercising any of these rights, to the extent protected by applicable law.

Promotional Communications

If you have opted into marketing communications, you retain the right to revoke that consent at any time. An unsubscribe mechanism is available in every promotional message we send.

Periodically, we may need to contact you regarding operational matters or contractual obligations. Such messages are not promotional in nature and are sent under a legitimate interest basis.

Regulatory and Legal Obligations

Certain categories of Personal Data must be collected to comply with anti-fraud, Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and Know Your Customer (KYC) requirements. Failure to provide this data will prevent us from establishing a service relationship with you.

Your data may also be processed in response to legitimate requests from law enforcement or regulatory authorities, or where necessary for the defense of legal proceedings. Data relevant to an active investigation or dispute will be retained until full resolution.

Data We Do Not Collect

We do not knowingly gather information from individuals below the age of 18. Minors are not permitted to access the Site or use the Services. By engaging with our platform, you affirm that you possess the legal capacity to form binding agreements.

We do not process special-category data, including information related to racial or ethnic origin, political affiliation, religious or philosophical beliefs, trade union membership, genetic or biometric identifiers, health conditions, or sexual orientation.

Data Protection Measures

We employ a combination of physical, technical, and organizational safeguards to preserve the confidentiality of your Personal Data and defend it against unauthorized access, loss, theft, misuse, alteration, or destruction.

Our security controls include end-to-end encryption for data in transit and at rest, geographically distributed storage infrastructure, strict physical access restrictions, anonymization techniques, multi-signature authorization protocols, and binding confidentiality obligations for all personnel with data access.

Our information security framework undergoes regular review and is updated as necessary to reflect emerging threats and best practices.

Disclosure of Personal Data

We do not sell, lease, or rent user Personal Data to third parties under any circumstances. In limited situations dictated by the policies of partner financial institutions, we may share specific identification or contact data to verify user identity and facilitate service delivery.

Users acknowledge and agree that their data may be transmitted to vetted third parties responsible for performing KYC screening and fraud database queries. All such partners have been evaluated by us and are contractually bound to comply with applicable data protection legislation and the terms of this Privacy Policy.

Where fiat currency services are involved (e.g., deposits or withdrawals), we may share KYC and ancillary data with designated financial institutions for the purpose of executing banking or payment functions. By using these Services, you grant explicit consent for such data transfers.

PayX bears no responsibility for the data-handling practices of its Affiliates. Each Affiliate is independently accountable for its own compliance with data protection laws.

Data Retention

Personal Data is retained only as long as necessary to serve the purposes described in this Privacy Policy, unless a longer retention period is mandated or permitted by law.

To fulfill our regulatory obligations and align with prevailing industry standards, you authorize us to maintain records throughout the lifetime of your Account and for a period of five (5) years following its closure.

Where feasible, we store Personal Data in de-identified or aggregated form that cannot be traced back to a specific individual.

We may retain data beyond the minimum statutory period where doing so serves a legitimate business interest and does not contravene applicable law.

Third-Party Disclosure

Selected Personal Data may be shared with business partners who provide cloud hosting, insurance, analytics, research, or other services integral to our operations. We limit the scope of shared data to the minimum necessary for each service.

Data shared with third parties is used solely for the purpose of delivering and enhancing our Services. It will not be furnished to external parties for their own marketing activities.

We may disclose your data as required by law, court order, or governmental request, whether originating from within or outside your country of residence. Disclosure may also occur where we deem it necessary in the interest of national security, law enforcement, or significant public welfare.

Additionally, disclosure may be made where necessary to enforce the PayX User Agreement or to safeguard our operations and user community.

Cross-Border Data Transfers

Your Personal Data may be transferred to and stored in jurisdictions other than the one in which it was originally collected, including countries outside the European Economic Area (EEA), the United Kingdom, and Switzerland. Such jurisdictions may not maintain equivalent data protection standards. In every instance, we will protect transferred data in accordance with this Privacy Policy and ensure compliance with applicable legal frameworks governing international transfers.

For users located in the EEA, United Kingdom, or Switzerland, transfers will only occur where:

• the destination country has received an adequacy determination from the European Commission; or

• appropriate safeguards are in place, such as EU standard contractual clauses, supplementary protective measures, or the recipient's adherence to binding corporate rules approved by a competent supervisory authority.

Policy Amendments

PayX reserves the right to modify this Privacy Policy at any time and without prior notice. Updated versions take effect immediately upon publication at /privacy-policy. We recommend reviewing this page periodically. Your continued use of the Site and Services after any update signifies acceptance of the revised terms. The date of the most recent revision is always indicated.