Login / Register

Privacy and Privacy Policy

XEMII understands that privacy is a very important issue. Regardless of whether the user is a customer, collaborator, service provider or visitor to our website and/or mobile app and/or third party APIs (hereinafter referred to as "Applicative").

Before you use our products, we recommend you read this Privacy Policy, as well as Terms of Use, and Compliance Policy. The user can only use our Application and Services if he agrees to such policies. In the same way, if the user is our collaborator, service provider or maintains any other kind of relationship with XEMII, know that you can only initiate that relationship if you agree to this Privacy Policy.

 

This policy is divided by themes, all referenced below. We recommend that everyone read:

1. Introduction

2. DEFINITIONS

3.WHO ARE WE?

4. WHAT PERSONAL DATA DO WE TREAT AND HOW DO WE COLLECT YOUR PERSONAL DATA?

5. WHAT DO WE USE THE DATA COLLECTED FOR?

6. WHAT ARE THE RIGHTS AND DUTIES OF USERS?

7. USE OF COOKIES AND LIKE TECHNOLOGIES

8. HOW LONG IS PERSONAL DATA STORED?

9. WHICH THIRD PARTY SHARES YOUR PERSONAL DATA?

10. WHAT ARE THE SECURITY POLICIES ADOPTED?

11. OTHER INFORMATION

12. CHANGE IN PRIVACY POLICY

13.CONTACT AND DPO DATA

 

I. Introduction

 

1.1. XEMII may establish specific rules applicable to a particular product, as appropriate, that will complement and prevail over this Privacy Policy and Terms of Use. In any case, it is necessary for the user to agree to the terms and conditions applicable.

 

1.2. This policy considers that established by Law No.709/2018 ("General Data Protection Act"), Act No. 8.078/1990 ("Consumer Defence Code"), Act No. 10.406/2002 ("Civil Code") and Act No. 12.965/2014 ("Civil Internet Framework") to clarify (i) what personal data we handle, how and for which it is handled; (ii) what its rights are under current legislation (iii) what are the XEMII obligations regarding the processing of its personal data. It does not, however, contemplate the practices of other organizations referenced by links in our Application.

 

II. DEFINITIONS

2.1. Before we explain what personal information we deal with, what the purposes of this treatment are, with whom we share your personal information.

We should clarify some concepts to help you better understand this Privacy Policy, whatever:



· Personal data holder: it is natural persons, end users and or legal representatives who provide their personal data for XEMII.



· Data Processing: any operation that XEMII and/or a company operating on its behalf carries out with Personal Data, such as collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, arming.



· Personal Information: all data related to the natural person identified or identifiable, which may include, name, CPF, IP address, but also, the customer ID, and other identifiers that, if analysed together, allow the identification of a Data Holder.



· Sensitive Personal Data: personal data of racial, ethnic origin, religious belief, political opinion, union affiliation or organization of religious, philosophical or political character, given in relation to health or sexual life, genetic or biometrics, when linked.



· Data Controller: person or institution, whether public or private, who has jurisdiction over the relevant decisions regarding the processing of personal data, such as those defining the types of personal data to be processed, the purposes of the processing, and its duration. A

XEMII is playing the role of Controller of Personal Data shared by you, User.



· Data Processing Operator: it is the person or institution, under public or private law, that processes data on behalf of the Controller. Cloud service providers are Data Processing Activity Operators.



· Data Processing Officer: person designated by XEMII to act as a communication channel between the Controller and Data Holders and the National Data Protection Authority (ANPD).

 

 

III. WHO ARE WE?

 

3.1. XEMII Digital Services Ltd., limited company, registered with CNPJ under 44.868.835/0001-33, and based in Alameda Santos 700, Bela Vista – St. Paul/SP, CEP 01418-200, is the holder of all rights to and responsible for the online purchase and sale platform of Cryptoactives, provided through the website hosted under the domain www.XEMII.with and application for mobile device (designed together as "Applicative"). XEMII makes relevant decisions regarding the processing of your personal data, such as those defining the types of personal data to be processed, the purposes of the processing, and its duration, therefore, being a Controller of Personal Data shared by you when using the

 

IV. WHAT PERSONAL DATA DO WE TREAT AND HOW DO WE COLLECT YOUR PERSONAL DATA?

 

4.1. Your data can be collected by XEMII as follows:

 

a) by navigating our site, making records and transactions in the Application;

b) sharing of key information for service delivery and XEMII processes; and

c) when you, the user, come into contact with our care channels.

4.2. Other possible ways of obtaining data by XEMII, as appropriate, are through external partners and information providers, which assist us in understanding demographic data and socioeconomic profiles, complementing the data collected by us.



4.3. Your personal data can also be collected through social networks, provided you grant permission to access the data on one or more networks.





4.4. Your personal information can also be collected through consultation with official public sources, such as a public or private database.



4.5. All the data collection sources we use ensure the protection and confidentiality of the user's data in accordance with the practices described here, the legislation and the applicable standards.



4.6. By conducting the record, navigating our Application, and using XEMII services, the following data and information may be collected:



a) Data records: full name, CPF, date of birth, telephone and e-mail;



b) Sensitive Data: digitized copy of a valid photo ID, plus selfies. This information is characterized as sensitive and essential personal data for identification control in computer systems and, without which, XEMII cannot provide the services provided here. Such information is necessary so that XEMII can provide its services safely, i.e. by identifying the user appropriately, and can be used, including facial biometrics.

c) Contact information: telephone numbers, with the aim of providing greater security to the services and reliability of the information provided by the user;

d) Credentials: we collect cryptographic password hashes, secure words, security PINs, and required security information chosen by the user for the authentication, account access and transaction process, for appropriate access control to your account;

e) Demographic data: gender, address, schooling, rent;

f) Financial data: we collect data needed to carry out real estate (R$), such as bank, account number and agency, as well as data and history of operations carried out in the Application to control it. We collect negotiation API keys and encrypted wallet address.

g) In addition to data related to user transactions with Cryptoactive, which includes profile, we handle data related to interaction with our communication channels, such as duration of visit, navigation paths in the Application, pageview behavior, characteristics.
h) Attendance data: interactions with our answering channels are also recorded, as are other user contact details, which may include chat content and voice recordings;

i) Relationship data: only when unambiguous permission is granted, can we capture data of which contacts are the user's relationship network;

j) Location data: we can collect location data from GPS (Global Navigation System), GNSS (Global Navigation Satellite System), mobile communications towers, Wi-Fi access points, or location from your IP.

k) Investor Profile Data: We can collect data related to the assets that the user normally invests in, for what period of time and how it would behave in the event of sudden loss of value.

l) Sports Preferences: We can collect data on the user's preference for specific teams (e.g. football).

4.7. By not sending the sensitive data and the sensitive data, the use of our channels, services and features may be restricted and even invalidated. XEMII may, as appropriate, request additional documents with the intent of ensuring full access to the Application's services, such as proof of rent and residence, necessary for upgrading the system.



4.8. The recruitment of the services provided by XEMII presupposes the sending of e-mails (e.g. e-mails, notifications and SMS) from the security and administrative branch, and this dispatch is indispensable for the execution and development of our activity.

 

V. WHAT DO WE USE THE DATA COLLECTED FOR?

 

5.1. The main purpose for which we collect personal data is to fulfill a contract with the user and offer the best experience, safely, efficiently and customarily. We also use the data collected to create, develop, analyze, communicate, operate, deliver and prioritize our products, processes and services to deliver customized and complete experiments. Without prejudice to the provision of this item, we can use the data collected data to:

a) To allow transactions with XEMII-supported cryptographic assets to be made, to create purchase and sale orders, to generate and allow access to your virtual wallet;

b) Promote our products, processes and services;

c) Personalize content, make changes to our products and channels.

d) Provide new promotional features, products and dynamics;

e) Offer new products and/or services to the user, as well as personalized care and portfolio monitoring;

f) Conduct research and campaigns to continuously improve the user experience of XEMII.

g) Solving problems and doubts, ensuring the quality of our services and care.

h) Establish a meaningful and assertive dialogue, respecting their interaction preferences, as well as sending important notices, such as notices, software change records, features, conditions and policies, among others;

 

i) To further refine our security by acting effectively in suspicious activities and violations of terms or policies;

j) Analyse the performance, trends and measure the Application's audience, check its browsing habits in the App, how the user arrived in the Application (e.g. through links from other sites, search engines or directly), evaluate statistics related to the Application.
k) Evaluate and monitor risks to the safety of the Application by refining and developing our security tools, especially with regard to our guidelines on money laundering prevention and counter-terrorism financing; and

l) Compliance with legal and regulatory obligations.

m) Secondary purposes that are not conflicting or excessive with respect to the purposes listed above, such as, or to defend themselves in judicial or extrajudicial conflicts, always in accordance with the following:

members legislation in compliance with individual rights and freedoms of users.

5.2. For the purposes of qualification, training and safety, XEMII may monitor or record telephone conversations with the same or with people acting on their behalf. By communicating with XEMII, the user understands, agrees and authorizes that communications can be heard, monitored and/or recorded without notice or prior notice.

 

5.3. The user agrees and authorizes XEMII to use, copy, reproduce, make available, transmit, treat, share and translate into other languages all and any statements, statements, opinions, impressions, comments and suggestions that the user decides to leave publicly on our website.

 

VI. WHAT ARE THE RIGHTS AND DUTIES OF USERS?

 

6.1. XEMII guarantees the rights that the user holds in accordance with the General Data Protection Act, the Civil Internet Framework and other members sectoral data protection laws, such as:

a) Access to personal data: allows the user to access in his own account his personal data provided in his record and to request additional information, if desired;

b) Rectification of your personal information: allows the user to request correction

moment, in case the user identifies that any of his(s) are incomplete, inaccurate or out of date;

c) Blocking or eliminating unnecessary, excessive or treated personal data in compliance with the General Data Protection Act: allows the user to request to stop the processing of his personal data, and the measure taken will be evaluated and taken according to each case, 
d) Right of personal data portability: allows the user to request that XEMII provide him, or any third party he chooses, the personal data in a structured and interoperable format;

e) Right to exclude personal data processed with the consent of the holder of personal data: allows the user to request the exclusion of his personal data when the processing of this data is optional and has as a legal basis his consent, data maintenance is required

f) Right of information on the sharing of personal data: allows the user to request information about third parties with which XEMII shares his personal data;

g) Right to revoke consent at any time and right not to provide it and the consequences of not providing it: allows

that the user revokes his consent at any time, provided that depending on the nature of the personal data, the revocation may entail the impossibility of using the Application as a final character. The revocation of consent will have no retroactive effect.

6.2. To exercise your rights, the user may preferably use our Application's contact channels, unless the XEMII contract indicates otherwise.

 

6.3. If the user is one of our clients, prior to your request, XEMII will request additional information to confirm your identity through one of our KYC - Know Your Client tools. In the event that XEMII is not the applicant's Personal Data Controller, XEMII will inform the applicant of its position as Personal Data Operator and, if possible, indicate the Controller responsible for responding to your request.

 

6.4. In addition to rights, the user also has some duties stipulated here in this policy, some of which are governed by the terms of use, others in specific contracts with the user. In case the user does not observe them, especially duties related to the security of his personal data, such as acts of disclosure of his access information (login and password) to third parties, use of public access computers (e.g.: lan houses) or any other form of connection to the Internet that is not private and secure, or yet uses jailbreak mobile appliances or has applications from unofficial stores, XEMII will not be responsible for acts or facts arising from the collapse of these d.

6.5. Should the user require any assistance in exercising his rights, he should contact our Help Desk, for

half of the link, or with our Personal Data Manager at the email address: dpo@nossbank.com.br

VII. USE OF COOKIES AND LIKE TECHNOLOGIES

 

7.1. Cookies are small files that collect personal data while you browse the Internet. Our Application uses cookies to ensure the safe and proper operation of the platform. In addition, cookies, the Data Management Platform tool and similar technologies support the process of customer identification, communication and too many marketing actions, as well as enabling the protection of collected data. They store information on web browsers, used on computers, phones and other devices, which bring information about their use in our Application.

 

7.2. XEMII uses cookies of its own that are essential for monitoring, monitoring and tracking potential vulnerabilities, risks of incidents and information security incidents, to act preemptively and provide a safe environment for our clients. It also uses third-party cookies for statistical analysis of navigation data to evaluate our Application and constantly improve our services and products by providing more customized use experience.

 

7.3. Cookies themselves are essential so that XEMII can ensure a safe navigation environment and can provide proper service to the user, not being disabled. The user can disable third-party cookies in the settings in the Application, knowing that the XEMII features and services may not be provided or may be partially provided in the event of deactivation. In order to break into the DMP, the request must be made on the Settings menu.

 

7.4. By accessing and connecting to XEMII channels without disabling these technologies, the user agrees to receive a more personalized navigation experience and authorizes storage, processing and sharing of the information already mentioned here.

 

7.5. In addition to the above, the XEMII sends messages by electronic means as a notification center in the app itself, e-mails, text messages and notifications to confirm the app's activities for advertising purposes and uses technologies such as cookies, pixel tags, local storage, or The frequency of dispatch may vary, according to the user's interaction with these communications. At any time, the user may request the interruption of those e-mails, text messages and notifications through our communication channels. The application will be received by XEMII within 10 business days of the application, accessing:

 

a) Application Notifications and SMS, Preference Settings / Notifications menu.

b) Promotional e-mails, through their respective decadal link.

 

 

 

VIII. HOW LONG IS PERSONAL DATA STORED?

8.1. XEMII will store its personal information for the duration of the contractual relationship with the user, unless legal or regulatory provisions determine otherwise, and the maximum prescriptive deadlines laid down in the Civil Internet Framework, the Consumer Protection Code, the Code. 
regulations that may affect the service provided. In cases where there is no contractual relationship, XEMII will keep the information that the user has agreed to provide us with until the request to discard the data and in accordance with applicable legislation.

IX. WHICH THIRD PARTY SHARES YOUR PERSONAL DATA?

9.1. XEMII may share your personal information and other information listed in item 4.6., previously indicated, with companies belonging to the same economic group as XEMII and with partner companies such as PINBANK xemii INTELLIGENT PAYMENTS S.A (registered under NCPJ No. 17.079.937/0001-05), for the processing of Cryptoactive purchase and sale operations, offering specific features (such as viewing and/or accessing your XEMII account), development and offering of products, services and records in the said companies. When sharing personal data with third parties is necessary for the development and provision of products and services that best serve the interests of the user, generation of statistical data and aggregates on the use of the Application, XEMII will adopt the application as much as possible.

 

9.2. XEMII may also share user data with third parties in audit processes for corporate operations, or with partners and service providers in cases necessary for contract execution with the user.

 

9.3. XEMII can collect user information through identity check agencies and data offices to detect possible fraud, as well as credit bureaus, profiles and credit risks for credit analysis.

 

9.4. XEMII can share user personal information with its partners to provide their services, execute the contract with the user, conduct credit analysis and fraud prevention, and implement its Compliance and Know Your Client policies, Wash Prevention.

 

9.5. XEMII can share user personal data with third parties to protect their interests in any dispute, whether administrative, judicial or arbitral.

 

9.6. XEMII may share its personal data with public authorities in the event of investigative or administrative or judicial proceedings in xemii or abroad (in this case, attempting to provide personal data with the same level of protection as in xemii).

 

9.7. XEMII may carry out international transfers of personal data, either through contracts with technology service providers located outside the country or through the requirement of personal data protection authorities or foreign government entities, etc.

X. WHAT ARE THE SECURITY POLICIES ADOPTED?

10.1. XEMII takes organizational measures, training and training its internal staff, as well as technical measures aimed at information security, for the protection of personal data, against unauthorized disclosure, improper access, modification and loss or leakage of data, in such a way as  XEMII implements best security practices in the processing of personal data, such as:

like cryptography, periodic security monitoring and testing, firewalls, among others.

 

10.2. XEMII adopts log access control and tracking mechanisms, with different levels of restriction on access to collected data, ensuring in its specific contracts – either with internal staff or with partners or service providers – that it does not comply with this regulation.

 

10.3. Preserving your account's security is also your responsibility, so keep your environment safe. Take good practices in creating access credentials, do not share third-party data, such as logins and passwords, use strong credentials, do not use the XEMII password in others. It's also important to always move from our Application to its end, avoiding use in computers or public access networks and keeping the operating system and antivirus up-to-date.

 

10.3.1. XEMII does not send e-mails or notifications requesting confirmation or personal information, passwords, credit card numbers, encrypted wallet address, etc.; This could be phishing, a fraudulent practice that aims to induce the user to share personal information, logins and passwords with unintended people. It also does not send electronic messages with attachments that can be executed (extensions: .exe.with, among others) or links to any downloads. Never provide an answer to those e-mails and report to our answering channels.

 

10.3.2. In case the user is aware that any third party has access to their login and password, follow the procedure provided for in our Terms of Use.

 

10.4. In the event of a security incident resulting in destruction, loss, alteration, unauthorized access or leakage of personal data, the XEMII shall notify the user within reasonable time and take appropriate measures to account for the involved and mitigate.

 

XI. OTHER INFORMATION

11.1. This Privacy Policy is governed, interpreted and regulated by members legislation and should be read in addition to our Information Security and Compliance Policy practices, as well as our Terms of Use and, where applicable, with respective contracts.

 

11.2. The San Paulo/SP County Forum is elected to resolve any controversy arising over this Privacy and Privacy Policy.

 

11.3. These are integral and inseparable parts of this Privacy and Privacy Policy, and the following documents are considered incorporated by reference:

  • Fees, commissions and limits;
  • Terms of Use;
  • Compliance policy; and
  • Information security practices.

XII. CHANGES IN PRIVACY POLICY

12.1. XEMII is committed to reviewing this Privacy and Privacy Policy periodically to ensure that your privacy is protected.

compliance with the law, as well as to comply with the guidelines of the National Data Protection Authority (ANPD), which may, for these reasons, amend its terms at any time. Whenever there is a significant change, such as a new purpose for the personal information already reported, the user will be notified by means of the contact information provided by the user or by a warning in the Application. Upon notification, the user will have access to the new Privacy and Privacy Policy text.

XIII. CONTACT OF THE DPO

13.1. In case you have any questions and/or need to take care of any matter related to this Privacy and Privacy Policy, please contact us at dpo@nossbank.with.Br.