XchangeOn Privacy Policy

Last Updated: November 2, 2023

Company Information: XchangeOn s.r.o is an XchangeOn based in the Czech Republic.
Company Reference Number: 19845391

Registered and Correspondence Address:

XchangeOn s.r.o,
Cimburkova 916/8,
Žižkov,
130 00 Prague 3

XchangeOn (“we,” “our,” or “us”) values and respects the privacy of our users. This Privacy Policy outlines how we handle, process, and protect your personal data. It also explains your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR). By using our services, you consent to the practices described in this Privacy Policy.


We may update this Privacy Policy periodically, so please review it regularly.

1. Definitions

To make this Privacy Policy clear and transparent, the following terms are defined as follows:

1.1 Data subject: An identified or identifiable natural person whose personal data is processed.
1.2 Personal data: Any information relating to an identified or identifiable natural person, including name, identification number, location data, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
1.3 Processing: Any operation performed on personal data, including collection, storage, usage, alteration, transfer, or deletion.
1.4. Profiling: Automated processing of personal data to evaluate or predict aspects such as behavior, preferences, or financial status.
1.5. Controller: The entity that determines the purposes and means of processing personal data.
1.6. Processor: The entity that processes personal data on behalf of the controller.
1.7. Consent: A freely given, informed, and explicit agreement by the Data Subject to the processing of their personal data.
1.8. Cookies: Small text files stored on your device to enhance your experience on our website and services.

2. How and Why We Collect Personal Data

2.1 Mandatory Data Collection
To comply with financial services regulations, we may request:

  • Identification documents (e.g., passports, government-issued ID)
  • Proof of address (e.g., utility bills, bank statements)
  • Proof of source of funds or wealth (e.g., tax filings, salary slips).

Legal Basis: Compliance with legal obligations (GDPR Article 6(1)(c)).

2.2 Voluntary Data Submission
If you contact us or use our services, you may voluntarily provide:

  • Name
  • Nationality
  • Email address and contact details
  • Residential address

Legal Basis:Contractual necessity or pre-contractual measures (GDPR Article 6(1)(b)).

2.3 KYC and AML Compliance
As part of Know-Your-Customer (KYC) and Anti-Money Laundering (AML) procedures, we collect and process the following data before entering into a contractual relationship:

  • Identification and proof of address documents.
  • Details regarding the source of funds.

Legal Basis:Compliance with regulatory obligations (GDPR Article 6(1)(c)).

2.4 Retention Period
We retain personal data of active customers during their relationship with us and for three years following the termination of the relationship unless a longer retention period is required by law.

3. Cookies Policy

We use cookies to enhance user experience and functionality. By using our site, you consent to our use of cookies as described below:
Types of Cookies Used:
3.1. Essential Cookies: Necessary for the website to function properly.
3.2. Preference Cookies: Store user preferences such as language settings.
3.3. Social Media Cookies: Enable content sharing on social networks.
3.4. Advertising Cookies: Collect data for managing advertisements and targeting users based on interests.
How to Manage Cookies: You can disable cookies through your browser settings. Note that doing so may affect the functionality of our site.

4. Sharing and Disclosure of Personal Data

We do not sell, trade, or disclose your personal data to third parties, except in the following scenarios:

  • With trusted service providers who assist in operating our services under confidentiality agreements.
  • To comply with legal obligations or protect rights and safety.
  • For marketing and advertising, only when anonymized or aggregated data is used.

Third-Party Services: When you interact with third-party tools or plugins on our site (e.g., social media), their privacy policies will apply.

5. Security of Personal Data

We employ advanced security measures to safeguard personal data, including:

  • Encryption of sensitive information.
  • Regular audits of our security systems.
  • Access control measures limiting data access to authorized personnel only.

Despite these measures, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights as a Data Subject

Under GDPR, you have the following rights:
6.1 Right of Access:Request a copy of your personal data.
6.2 Right to Rectification: Correct inaccurate or incomplete data.
6.3 Right to Erasure: Request deletion of your data, subject to legal obligations.
6.4 Right to Restrict Processing: Limit the use of your data in specific circumstances.
6.5 Right to Data Portability: Transfer your data to another provider.
6.6 Right to Object: Object to processing based on legitimate interests or direct marketing.
To exercise your rights, contact us at support@XchangeOn. We respond to requests within one month.

7. International Data Transfers

If we transfer personal data outside the European Economic Area (EEA), we ensure it is protected through:

  • Binding Corporate Rules (BCRs).
  • Standard Contractual Clauses (SCCs).

8. Changes to this Privacy Policy

We may update this Privacy Policy as necessary. The “Last Updated” date will reflect the most recent changes. Continued use of our services indicates acceptance of the updated Privacy Policy.

Contact Us

If you have questions or concerns about our Privacy Policy or data practices, please contact us:

Email support@XchangeOn
Address XchangeOn s.r.o, Cimburkova 916/8, Žižkov, 130 00 Prague 3

Subscribe to Our
Newsletter

Get the Latest Updates on Digital
Currency Trading!"