In this Privacy Notice, “AAX” or “we” or “our” refers to AAX Exchange (Malta) Limited incorporated in the Republic of Malta and located at Ewropa Business Centre, Level 3 – 701, Dun Karm Street, Birkirkara, BKR 9034, Malta and AAX Limited incorporated under the International Business Companies Act of 1994 of the Republic of Seychelles having company number 211854.
“Platform” collectively refers to our website at www.aax.com, our application(s), our application programming interfaces (“APIs”), our notifications and any information or content appearing therein (collectively known as our “Platform”).
This Privacy Notice sets out:
A. the information we collect about you (“user” or “you” or “your”) when you visit
www.aax.com , use our Platform or services, or otherwise interact with us;
B. how we use, share, store, and secure the information; and
C. how you may access and control the information.
This Privacy Notice should be read in conjunction with our Cookies Notice to understand the cookies we use and how you may delete or adjust your cookie settings
1. What information we collect about you
1.1. We collect the following types of information about you:
(a) account and profile information and documents that you provide when you register for
an account or sign up for our products or services, for example name, username, similar
identifier, other personal description, occupation, date of birth, address, email address,
phone number, identification number, income and wealth information (collectively known
as “Account Data”);
(b) information you provide through support channels, for example when you report a problem
to us or interact with our support team, including any contact information, documentation,
or screenshots (collectively known as “Support Data”);
(c) communication, marketing, and other preferences that you provide us when you participate
in a survey or a questionnaire that we send you (collectively known as “Preference Data”);
(d) details of any transactions, purchases, or orders that you've made with us (collectively
known as “Transaction Data”);
(e) payment information, for example bank account information or payment details (collectively
known as “Financial Data”);
(f) information about your device or connection, for example your internet protocol (IP) address,
log-in data, browser type and version, time-zone setting, browser plug-in types and versions,
operating system and platform, and other technology on the devices you use to access our
products or services and information we collect through cookies and other data collection
technologies (please read our Cookies Policy for details) (collectively known as “Technical
(g) Information about your use of or visit to our Platform, for example your clickstream to,
through, and from our Platform, products you viewed, used, or searched for, page response
times, download errors, length of visits to certain pages, page interaction information (such
as scrolling, clicks, and mouse-overs), or methods to browse away from the page
(collectively known as “Usage Data”).
The data set out in paragraph 1.1(a) to (g) are collectively known as “Personal Information”
and it refers to any aforesaid data, information, or combination of data and information that is
provided by you to us, or through your use of our products or services, that relates to an
1.2. We collect your Personal Information when you provide it to us or when you use or visit our
Platform. We may also receive your Personal Information from other sources, including:
(a) our personnel, agents, advisors, consultants, and contractors based in global in connection
with our operations or services, for example our staff engaged in the fulfilment of your order,
processing of your payment, and provision of support services;
(b) our group companies or overseas offices that provide information technology services and
system administrative services; and
1.3. We do not collect sensitive data or special category data about you. This includes details about
your race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, or
2. How we use information we collect
2.1. We will only use your Personal Information where the law allows us to. We use your Personal
Information only where:
(a) we need to perform the contract or agreement we have entered into (or are about to enter into)
with you, including to use our Services, to provide customer support and personalised
features, and to protect the safety and security of our Platform;
(b) it satisfies a legitimate interest which is not overridden by your fundamental rights or data
protection interests, for example for research and development, and in order to protect our
legal rights and interests
(c) you've given us consent to do so for a specific purpose, for example we may send you direct
marketing materials or publish your information as part of our testimonials or customer stories
to promote our products or services with your permission; or
(d) we need to comply with a legal or regulatory obligation.
2.2. If you have given us consent to use your Personal Information for a specific purpose, you
have the right to withdraw your consent any time by contacting us (please refer to
paragraph 10 for contact information), but please note this will not affect any use of your
information that has already taken place.
2.3. We do not share your Personal Information with any company outside our group for
marketing purpose, unless we have your express specific consent to do so.
2.4. For visitors to or users of our Platform who are located in the European Union, we have set
out our legal bases for processing your information in the Legal Bases Table at the end of
3. How we share information we collect
3.1. We share information with third parties that help us operate, provide, support, improve, and
market our products and services, for example third-party service providers who provide website
and application development, data storage and backup, infrastructure, payment processing,
customer support, business analytics, Anti-Money Laundering (“AML”) and Know Your Customer
checks (“KYC”) and other relevant services.
3.2. Third-party service providers have access to your Personal Information only for the purpose of
performing their services and in compliance with applicable laws and regulations. We require
these third-party service providers to maintain confidentiality and security of all Personal
Information that they process on our behalf and to implement and maintain reasonable security
measures to protect the confidentiality, integrity, and availability of your Personal Information.
3.3. We take reasonable steps to confirm that all third-party service providers that we engage process
Personal Information in the manner that provides at least the same level of protection as is
requirements, we will require them to notify us immediately and we will take reasonable steps to
prevent or stop non-compliant processing.
3.4. We may share Personal Information on aggregated or de-identified basis with third parties for
research and analysis, profiling, and similar purposes to help us improve our products and
3.5. If you use any third-party software in connection with our products or services, for example any
third-party software that our Platform integrates with, you might give the third-party software
provider access to your account and information. Policies and procedures of third-party software
Information is collected or used by third-party software providers. We encourage you to review
the privacy policies of third-party software providers before you use the third-party software.
3.6. Our Platform may contain links to third-party websites over which we have no control. If you
follow a link to any of these websites or submit information to them, your Personal Information will
be governed by their policies. We encourage you to review the privacy policies of third-party
websites before you submit your information to them.
3.7. We may share your Personal Information with government and law enforcement officials to comply
with applicable laws or regulations, for example when we respond to claims, legal processes, law
enforcement, or national security requests.
3.8. If we are acquired by a third party as a result of a merger, acquisition, or business transfer, your
personal information may be disclosed and/or transferred to a third party in connection with such
transaction. We will notify you if such transaction takes place and inform you of any choices you
may have regarding your Personal Information.
4.How we store and secure information we collect
4.1. We store all information provided by you on third party cloud servers.
4.2. We have adopted the following measures to protect the security and integrity of your Personal
(a) information is encrypted using TLS/SSL technology;
(b) your account is password-protected, with the requirement(s) that passwords must be at least
8 characters long, with a combination of letters and numbers;
(c) access to your Personal Information is restricted to personnel or service providers on a strictly
need-to-know basis, who will only process your Personal Information on our instructions and
who are subject to a duty of confidentiality; and
(d) our information collection, storage, and processing practices are reviewed regularly.
4.3. We have put in place procedures to deal with any suspected privacy breach and will notify
you and any applicable regulator of a breach where we are legally required to do so.
4.4. While we implement safeguards designed to protect your Personal Information, please
note that no transmission of information on the Internet is completely secure. We cannot
guarantee that your information, during transmission through the Internet or while stored
on our systems or processed by us, is absolutely safe and secure.
4.5. We only retain Personal Information for so long as it is reasonably necessary to fulfil the
purposes we collected it for, including for the purposes of satisfying any legal, accounting,
or reporting requirements. Your Personal Information will be stored for more than six (6)
years after termination for meeting data retention standards and AML/KYC record keeping
requirements. We periodically review the basis and appropriateness of our data retention
5. How we transfer information internationally
5.1. We collect your Personal Information globally and primarily store that Personal Information on third
party cloud servers. We transfer, process, and store your Personal Information outside your
country of residence where we or our third-party service providers operate for the purpose of
providing our products and services to you.
5.2. Some of the countries in which our companies or third-party service providers are located may
not have the privacy and data protection laws that are equivalent to those in your country of
residence. When we share your Personal Information with these companies or third-party service
providers, we make use of contractual clauses, corporate rules, and other appropriate
mechanisms to safeguard the transfer of your Personal Information.
6. Your rights
6.1. You have the right to:
(a) be informed of what we do with your Personal Information;
(b) request a copy of Personal Information we hold about you;
(c) require us to correct any inaccuracy or error in any Personal Information we hold about you;
(d) request erasure of your personal information (note, however, that we may not always be able
to comply with your request of erasure for record keeping purposes, to complete transactions,
or to comply with our legal obligations);
(e) object to or restrict the processing by us of your personal information (including for marketing
(f) request to receive some of your personal information in a structured, commonly used, and
machine readable format, and request that we transfer such information to another party; and
(g) withdraw your consent at any time where we are relying on consent to process your personal
information (although this will not affect the lawfulness of any processing carried out before
you withdraw your consent).
6.2. Our Platform enables you to update certain information about yourself, for example you may
change your business or personal information by contacting customer service.
6.3. You may opt out of receiving marketing materials from us by contacting us. Please note, however,
that even if you opt out from receiving marketing materials from us, you will continue to receive
notifications or information from us that are necessary for the use of our products or services.
6.4. As a security measure, we may need specific information from you to help us confirm your
identity when processing your privacy requests or when you exercise your rights.
6.5. Any request under paragraph 6.1 will normally be addressed free of charge. However, we may
charge a reasonable administration fee if your request is clearly unfounded, repetitive, or
6.6. We will respond to all legitimate requests approximately within one (1) month. Occasionally, it
may take us longer than one (1) month if your request is particularly complex or if you have made
a number of requests.
7. Changes to this policy
8. Policy towards children
Our products and services are not directed to individuals under 18. We do not knowingly collect personal information from individuals under 18. If we become aware that an individual under 18 has provided us with personal information, we will take steps to delete such information. Contact us if you believe that we have mistakenly or unintentionally collected information from an individual under 18.
9. Rights applicable to European Union Users
a. Data Transfers
If you are visiting from the European Union ("EU") that may differ from privacy laws under other
jurisdictions, please note that you may be transferring your Personal Information to us for storage
and processing in other countries around the world for the purposes described under this Privacy
Policy. We take great care in protecting your Personal Information and have put in place adequate
mechanisms to protect it when it is transferred internationally.
b. Legal basis for using your Personal Information
If you are a visitor from the European Economic Area, our legal basis for collecting and using the
Personal Information described above will depend on the Personal Information concerned and
the specific context in which we collect it. For the European Economic Area, there are different
legal bases that we rely on to use your Personal Information, namely:
- Performance of a contract. The use of your Personal Information may be necessary to perform the terms and conditions or other policies under which we provide our Services.
- Legitimate interests. We may use your Personal Information for our legitimate interests to improve our Services, security purposes, and fraud prevention, and to share information with our affiliates for internal administration. In such circumstances it is for us to ensure that these interests are not overridden by your data protection interests or fundamental rights and freedoms. If we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), this interest will normally be for to operate our platform and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
c. Legal Basis Table
Type of data processed
To register you as a user on our Platform
To perform our contract with you
To enable you to use our products and services
Support Data, Technical
Data [and User
To perform our contract with you
To process your payments
Transaction Data, Financial Data
To perform our contract with you
To administer and maintain safety and security of our Platform
To perform our contract with you
To study usage of our products or services
Support Data, Technical Data, Usage Data
Legitimate interest to improve our Platform, products, and services
To gather feedback on our products, services, or features
Legitimate interest to improve our Platform, products, and services
d. Rights under EU law
If your Personal Information is subject to the protections offered by EU law, you may:
- Access, correct, update or request deletion of your Personal Information, at any time by contacting us using the contact details provided under the "Contacting Us" section below (in accordance with applicable data protection laws); We may charge a reasonable fee for any manifestly unfounded, excessive or repetitive requests;
- Object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information for the legitimate interests that we have set out above. In certain circumstances we may not be able to stop using your personal information but, if that is the case, we will let you know and tell you why;
- Withdraw your consent at any time if we have collected and process your Personal Information with your consent;
- Opt-out of any marketing communications that we (or any third party to whom we have disclosed your personal information with your consent) may send you;
- Complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority.
Please note that if you are not subject to EU law, these rights do not apply to you.
e. Contact us
AAX Exchange (Malta) Ltd is the Data Controller in relation to our Platform and are responsible for
your personal data.
You may contact us at: email@example.com if you have any concerns about this policy and your
personal information or if you would like to file a data request.