Privacy Policy


Data Protection Law – Regulation of the European Parliament and of the Council (UE) 2016/679, General Data Protection Legislation (GDPR).
Personal Data – Clients’ personal data within the meaning of Data Protection Law.
Services – The technological platform, functional rules and market managed by XMT to permit Sellers and Buyers to perform purchase and sale transactions of Virtual Financial Assets.


This Privacy Policy, together with our Terms of Business and Data Protection Law, governs how XMT Gozo Ltd. (“XMT”) collects, processes and uses your personal data arising from using the XMT website ( as well as registering, subscribing, buying, and/or using our products and services. In this Privacy Policy “XMT”, “we”, “us”, or “our” refer to XMT, a private limited liability company established and registered in Malta with company registration number C 87936 and whose registered office is situated at Portomaso Business Tower, Triq Gort, St Julian's, Malta. XMT is a data controller under this Privacy Policy.

Data Collected

XMT may collect the following Data from you or your company:

  1. Contact information, such as name, home address, and email address;
  2. Account information, such as username, password, account settings, and preferences;
  3. Financial information, such as bank account numbers, bank statement, and trading information;
  4. Identity verification information, such as images of your government issued ID, passport, national ID card, or driving licence;
  5. Information regarding the way you use our services, such as what services you used and when; and
  6. Information relating to communications with us, whether through the XMT website, via e-mail, over the phone, or via any other medium;
  7. Computer or mobile device information, including IP address, operating system, network system, browser type, and settings;
  8. Website usage information;
  9. Certain types of information for compliance with legal requirements relating to our anti-fraud/anti-money laundering/counter financing of terrorism/know your customer obligations.

Use of Data

We may use your Personal Data for the following purposes:

  1. Opening, verification and ongoing management of your account. Maintenance of legal documentation, claim and dispute management as well as for compliance with legal obligations to which XMT is subject to;
  2. Informing you of changes in our services and products;
  3. Improvement of our services and products;
  4. Compliance with know-your-customer regulation, anti-money laundering regulation, tax, fraud, or any other regulation applicable to XMT. With respect to US residents, we may also share your information with other financial institutions as authorized under Section 314(b) of the US Patriot Act, and with tax authorities, including the US Internal Revenue Service, pursuant to the Foreign Account Tax Compliance Act ("FATCA"), to the extent that this statute may be determined to apply to XMT. Your personal data may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
  5. Payment processing, whether in cryptocurrency or legal tender. Related processing operations are necessary for the performance of a contract with you and for compliance with legal obligations to which we are subject to. This means that we may submit your personal and/or company information, including identification documentation and proof of address documentation to third party service providers and providers of banking and/or payment services if you request to use such services;
  6. Provision of customer services,

Use of cookies

XMT uses cookies to collect information for record-keeping, comfort of use, and website improvement and optimisation. XMT Cookies policy is available at (


We may share personal data with third parties to help us with our marketing and promotional projects, or sending marketing communications.
If you want to opt out of receiving promotional and marketing emails, text messages, post and other forms of communications from us or our promotional partners in relation to which you might receive in accordance with this section, you can opt out by using one of the following ways:

  • Log into your account and update your profile.
  • Click "unsubscribe" at the bottom of an email we sent you.
  • Contact us at [email protected] to opt-out.

If you do opt out of receiving promotional and marketing messages, we can still contact you regarding our business relationship with you, such as account status and activity updates, survey requests in respect of products and services we have provided to you after you reserve from us, reservation confirmations or respond to your inquiries or complaints, and similar communications.

Disclosure of Data

We may disclose your Personal Data to third parties and legal and regulatory authorities and transfer your Personal Data outside the EEA, as described below.

A. Disclosures to Third Parties
There are certain circumstances where we may transfer your personal data to employees, contractors, and other parties.
We may share your information with certain contractors or service providers. They may process your personal data for us, for example, if we use a marketing agency. Other recipients/service providers include advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers, or outsourced call centres. Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them with, including your information, will only be provided in connection with the performance of their function;

We may also share your information with other certain third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or services to you. These include credit reference agencies, anti-fraud databases, screening agencies, and other partners we do business with.
Your personal data may be transferred to other third party organisations in certain scenarios:

  • If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services to you;
  • If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
  • If we are defending a legal claim your information may be transferred as required in connection with defending such claim.

Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.
Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide XMT services or as required by law.
XMT’s third party service providers are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We ensure that such third parties will be bound by terms complying with DP Law.

B. Disclosures to Legal Authorities
We may share your Personal Data with law enforcement, data protection authorities, government officials, and other authorities when:

  • Compelled by court order or other legal procedure.
  • Disclosure is necessary to report suspected illegal activity.
  • Disclosure is necessary to investigate violations of this Privacy Policy or our Terms of Use.

C. International Transmission of Personal Data
Personal data transmitted to a recipient outside the EEA must be subject to protection at least equivalent to that sought by the GDPR.

Retention of Personal Data

We retain Personal Data for at least ten years after an Account with XMT is closed.

Data Subject Rights

Access: you are entitled to ask us if we are processing your information, and if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and other certain information about it to check that we are lawfully processing it. We process a large quantity of information, and can thus request, in accordance with Data Protection Law, that before the information is delivered, you specify the information or processing activities to which your request relates.
Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected.
Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances.
There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Transfer: you may request the transfer of certain of your personal data to another party.
Objection: where we are processing your personal data based on a legitimate interests (or those of a third party) you may challenge this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your personal data for direct marketing purposes.

Security Measures

Personal data is safeguarded from unauthorised access and unlawful processing or disclosure, as well as accidental loss, modification or destruction; through state-of-the-art technical and organisational measures. These are adjusted and updated continuously in tandem with technical developments and organizational changes. Additionally, data protection audits and other controls are carried out on a regular basis.
We do not ask for financial or payment information, such as your credit card number, pass code, account number or pin number through emails, texts or any other communications that we send to you. Please always check that any website on which you are asked for financial or payment information in relation to our reservations or services is operated by XMT.

Data Protection Contact Person (the “DPCP”)

Data subjects may contact the XMT Data Protection Contact Person (the “DPCP”) at [email protected] regarding any queries relating to issues of data protection, to exercise any of their rights.