Effective as of May 25, 2018 (the "Effective Date").
In this Privacy Notice we explain how we collect and use your personal information that we obtain when you use our services, visit or use our websites or mobile applications or otherwise interact with us, how we share your information and the steps we take to protect your information.
1 - WHO WE ARE AND THE APPLICATION OF THIS PRIVACY NOTICE
This Privacy Notice applies to X-RATES.com which is owned and managed by XE.com, Inc. (“XE”, “X-Rates, “we”, “our” or “us”), a subsidiary of Euronet Worldwide, Inc. (“Euronet”). Further details on Euronet and the companies within the Euronet group (the “Euronet Group”) are available at: http://www.euronetworldwide.com.
XE is an affiliate of HiFX Europe Limited within the Euronet Group.
We are committed to the privacy and security of your personal data. This Privacy Notice describes how we collect and use personal data, in accordance with applicable law and our standards of ethical conduct.
XE.com, Inc. at 1145 Nicholson Rd, Suite 200, Newmarket ON, L3Y 9C3 Canada will be the “data controller” or “controller” in relation to any personal data provided to us directly via email, phone, and post or via x-rates.com (the “Website”). This means that we are responsible for deciding how we will hold and use personal data about you.
The Euronet Group Data Protection Officer can be contacted:
- By email at: DPO@xe.com or
- By post to: Euronet Data Protection Officer, Calle Cantabria, 229109 Alcobendas, Madrid, Spain.
We encourage you to review and check the Website regularly for any updates to this Privacy Notice. We will publish the updated version on the Website and by continuing to deal with us, you accept this Privacy Notice as it applies from time to time.
2 - DATA PROTECTION PRINCIPLES
“Personal data” means any information that enables us to identify you or the beneficiary of your transaction with us, directly or indirectly, such as name, email, address, telephone number, any form of identification number or one or more factors specific to your or your beneficiary’s identity.
We are committed to complying with applicable data protection laws and will ensure that personal data is:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
3 - WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE COLLECT IT?
The Website does not request any personal data or collect any personal data that allows you to be contacted.
We may collect personal data when you give it to us, including when you speak with us over the telephone or when you write to us (by email or post).
Cookies and similar technologies
When you use our Website we collect information via cookies and similar technologies, including the IP address of visitors, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may use this data for the following purposes:
- To measure the use of our Website and services, including number of visits, average time spent on a website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-overs), etc., and to improve the content we offer;
- To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
- As part of our efforts to keep the Website safe and secure.
Due to their core role of enhancing or enabling usability or site processes, disabling cookies may prevent you from using certain parts of our Website. It will also mean that some features on our Website will not function if you do not allow cookies.
4 - HOW WE USE YOUR PERSONAL DATA?
Personal data collected through our Website is stored and processed in Canada.
Our Website collects non-identifiable data (such as IP addresses and anonymous demographic and usage data). We may use such non-identifiable data for our legitimate interests to improve, monitor or administer the Website and to analyse traffic to the Website in order to measure interest in (and use of) the various portions and areas of the Website.
Where you have provided us with your personal data, we may use such personal data for the purposes that you provided it us; for example, to respond to and process your queries or requests in relation to the Website.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such data without further notice to you.
5 - IS DATA COLLECTED SHARED WITH THIRD PARTIES?
Aggregated statistical analysis
We may use statistical analysis of aggregate data to inform advertisers of aggregate user demographics and behaviour, as well as the number of users that have been exposed to or clicked on their advertising banners. We will provide only aggregate data from these analyses to third parties.
We may transfer your personal data to a third party as a result of a sale, acquisition, merger, or reorganisation involving Euronet, a company within the Euronet Group, or any of their respective assets. In these circumstances, we will take reasonably appropriate steps to ensure that your information is properly protected.
Legal and regulatory
We may also disclose your personal data in special cases if required or requested to do so by law, court order, or other governmental authority, or when we believe in good faith that disclosing this data is otherwise necessary or advisable, such as to identify, contact, or bring legal action against someone who may be causing injury to, or interfering with, our rights or property, our services, another user, or anyone else that could be harmed by such activities (for example, identify theft or fraud).
6 - ADVERTISING
Advertisements that appear on the Website are generally delivered (or "served") directly to you by third party advertisers. We use an industry leading advertising services supplier, Exponential Interactive, Inc. (“Exponential”) for the advertisements on the Website, which may be served by Exponential or Exponential’s advertising partners, and further details are set out below.
If you have provided your consent by accepting Targeting Cookies Exponential will automatically receive your IP address. Exponential or Exponential’s advertising partners may also download cookies and similar technologies such as pixel tags/beacons and scripts downloaded to your computer (‘cookies’) to measure the effectiveness of their ads and to personalize advertising content. Doing this allows them to recognize your computer each time they send you an advertisement in order to measure the effectiveness of their ads and to personalize advertising content. In this way, they may compile information about where individuals using your computer or browser saw their advertisements and determine which advertisements were clicked.
- If you do not accept Targeting Cookies, Exponential or any other third party advertisers will not receive your IP address or download any cookies to your computer through the Website. However, advertisements that are not specific or personalised to your or your device may still be served to you on the Website.
Remarketing on the Website
7 - HOW LONG IS YOUR PERSONAL DATA RETAINED?
Personal data is used for different purposes, and is subject to different standards and regulations. In general, personal data is retained for as long as necessary to provide you with services available on the Website you request, to comply with applicable legal, accounting or reporting requirements, and to ensure that you have a reasonable opportunity to access the personal data.
To determine the appropriate retention period for personal data, we consider the applicable legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. For example:
- Legal and regulatory requirements. We will retain your personal data if required to comply with legal and regulatory obligations, compliance procedures and legal limitation periods.
- Customer service. If you provide us with your personal data but do not have a XECD or XE Email Services account, we may (subject to any legal or regulatory considerations) retain your personal data for as long as necessary to deal with your query.
8 - IS CORRESPONDENCE THAT YOU SEND TO US SAVED?
Yes. If you send us correspondence, including e-mails, we may retain such data along with any records of your account. We may also retain customer service correspondence and other correspondence involving you, us and any XE Company, our partners, and our suppliers.
9 - DATA SECURITY
We are committed to maintaining the security of your personal data and have measures in place to protect against the loss, misuse, and alteration of the data under our control.
We employ modern and secure techniques to protect our systems from intrusion by unauthorised individuals, and we regularly upgrade our security as better methods become available.
Our datacentres and those of our partners utilise modern physical security measures to prevent unauthorised access to the facility. In addition, all personal data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access.
All our employees who have access to, or are associated with, the processing of personal data are contractually obligated to respect the confidentiality of your data and abide by the privacy standards we have established.
Please be aware that no security measures are perfect or impenetrable. Therefore, although we use industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of personal data.
The Website may offer chat rooms, forums, message boards, or news groups to users. It is important to remember that any information disclosed in these areas becomes public information. Accordingly, as with any public forum, you should exercise extreme caution when deciding whether to disclose your personal information.
10 - DOES THIS PRIVACY NOTICE APPLY TO OTHER WEBSITES?
No. Our Website (x-rates.com) may contain links to other Internet websites. By clicking on a third party advertising banner or certain other links, you will be redirected to such third party websites.
We are not responsible for the privacy policies of other websites or services. You should make sure that you read and understand any applicable third-party privacy policies, and you should direct any questions or concerns to the relevant third party administrators or webmasters prior to providing any personal data.
11 - WHAT ARE MY DATA PROTECTION RIGHTS?
In certain circumstances (for example, if you are a “data subject” in the EEA), and subject always to verification of your identity, you may request access to and have the opportunity to update and amend your personal data. You may also exercise any other rights you enjoy under applicable data protection laws.
Data subjects in the EEA have the right to:
- Request access to any personal data we hold about them (“Subject Access Request”) as well as related data, including the purposes for processing the personal data, the recipients or categories of recipients with whom the personal data has been shared, where possible, the period for which the personal data will be stored, the source of the personal data, and the existence of any automated decision making;
- Obtain without undue delay the rectification of any inaccurate personal data we hold about them;
- Request that personal data held about them is deleted provided the personal data is not required by us, an XE Company or the Euronet Group for compliance with a legal obligation under applicable law or for the establishment, exercise or defence of a legal claim;
- Under certain circumstances, prevent or restrict processing of their personal data, except to the extent processing is required for the establishment, exercise or defence of legal claims; and
- Under certain circumstances, request transfer of personal data directly to a third party where this is technically feasible.
Also, where you believe that we have not complied with our obligations under this Privacy Notice or the applicable law, you may have the right to make a complaint to a relevant Data Protection Authority or through the courts. The Canadian Data Protection Authority is the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca/en/) and the country in which you are located is likely to have a Data Protection Authority (such as the Information Commissioner’s Office in the United Kingdom).
Although not required, we would encourage you to let us know about any complaint you might have and we will respond in line with our complaints procedure set out in section 12 of this Privacy Notice.
12 - PRIVACY COMPLAINTS PROCEDURE
Where you believe that we have not complied with our obligations under this Privacy Notice, or the applicable law, you may have the right to make a complaint to a relevant Data Protection Authority or through the courts. Although not required, we would encourage you to let us know about any complaint you might have and XE will respond in line with our complaints procedure – our contact details are set out in section 13 below.
We want to deal with your concerns fairly, effectively and promptly. However, some complaints are more complex than others and may take some time to investigate.
- We will acknowledge your complaint promptly after receiving it
- We will keep you informed throughout any investigation
In order to assist in the speedy resolution of any complaint you may have, it’s important that we understand your complaint fully. Sometimes this means we may ask you to address your concerns to us in writing. This can be either by email or post to the addresses in section 13 below. We have established internal procedures for investigating any complaint, which may also involve experienced members of staff from XE Companies (including HiFX) considering or investigation the complaint. Where appropriate, the complaint will be dealt with by someone who was not directly involved in the matter which is the subject of your complaint. The member of staff will either have authority to settle your complaint or will have ready access to someone who has the authority. Our response will fully address the subject matter of your complaint and, if appropriate, will offer redress. If you phone us during our investigation and the member of staff handling your complaint is not available, then another member of our team will try to assist you.
Unless applicable data protection laws require responses within shorter timescales, we will try to resolve any privacy complaints you have within 15 business days of receiving your complaint and in exceptional circumstances, within 35 business days (and we will let you know if this is the case).
As noted above, if you are not satisfied with our reply/outcome, or otherwise with the handling of the complaint, you may have the right to lodge a claim before a relevant Data Protection Authority or the courts.
13 - CONTACT US
If you have any questions or concerns about this Privacy Notice or our data practices, please contact us in writing by email at firstname.lastname@example.org or by post to XE Privacy Office, 1145 Nicholson Rd, Suite 200, Newmarket, ON, L3Y 9C3 Canada.