Xylo Markets
XYLO MARKETS
Legal

Privacy Policy

We take your privacy seriously. Learn what data we collect, why we collect it, and the rights you have under GDPR.

Last updated: January 15, 2024 · In force since May 2018 Download PDF

1. Data We Collect

We collect identity data (name, date of birth, ID documents), contact data (email, phone, address), financial data (bank/payment details, trading history), technical data (IP address, browser, device fingerprint), and marketing preferences.

2. Legal Basis for Processing

We process personal data under one or more of: (a) performance of contract, (b) compliance with legal obligations (KYC/AML), (c) legitimate interests (fraud prevention, service improvement), and (d) consent (marketing communications).

3. How We Use Your Data

To open and operate your account, process trades, comply with regulatory obligations, prevent fraud, provide customer support, send service updates, and — with your consent — share marketing communications.

4. Data Sharing

We share data with: relevant financial regulators (including UAE SCA, VARA, and our partner jurisdictions), liquidity providers (anonymized order flow), payment processors (transaction execution), KYC verification partners (identity checks), and authorized service providers under strict confidentiality.

5. Data Retention

We retain personal data for the duration of the client relationship plus 7 years thereafter, in line with anti-money-laundering record-keeping requirements. Marketing data is retained until you opt out.

6. Your Data Rights

You have the right to: access your data, request correction, request erasure (subject to legal retention), restrict processing, data portability, object to processing, and lodge a complaint with the UAE Data Office or your local data protection authority.

7. International Transfers

Where data is transferred outside the UAE, we use Standard Contractual Clauses or rely on adequacy decisions to ensure equivalent protection in line with UAE PDPL Article 22.

8. Security Measures

We employ AES-256 encryption at rest, TLS 1.3 in transit, multi-factor authentication, regular penetration testing, and ISO 27001-certified infrastructure.

9. Cookies

We use essential, analytics, and (with consent) marketing cookies. See our Cookie Policy for full details and to manage your preferences.

10. Contact Our DPO

For privacy queries, contact our Data Protection Officer at dpo@xylo.markets or write to the address in our Terms of Service.

Try Demo Start Trading