Privacy PolicyThis Privacy Policy is effective from 1st January 2024.
This Privacy Policy (“Policy”) explains how we collect, use, and process your personal data when you use our website https://www.gxegy.co.uk (“Website”), our web application (“Web App”), our mobile app (“App”) and email messages that we send to you (jointly called “Services”). If anything here applies to only one of our Services or to customers in a particular country, we’ll explicitly point this out to you.
By continuing your interactions with us, such as by submitting information to us, or using our Services, you confirm that you understand and consent to the collection, use, disclosure, and processing of your personal data (or the personal data of any individual you provide) as described in this Privacy Policy.

1. Data we collect about you

Personal data, or personal information, means any information about an identified or identifiable individual. It does not include anonymous data, which cannot be linked back to the individual. We will collect and process personal data about you as follows:

Information you give us.

You may give us information about yourself when you sign up to use our Services, e.g. when you provide us with personal details including your name and email address. This also includes information you provide through your continued use of our Services, your participation in discussion boards or other social media functions on our Website or App, through entering a competition, promotion or survey, and by reporting problems with our Services. Additional information you give us for security, identification and verification purposes may include your address, phone number, financial information (including credit card, debit card, or bank account information), payment reason, geographical location, social security/insurance number, national identification number, personal description, photograph, tax reference number, proof of address, proof of residency, passport and/or National ID. If you fail to provide any of this information, it might affect our ability to provide our Services to you.

The content of your communications with us, which we collect via telephone call recordings, online chat, emails, direct messaging and other means.

In some cases, including when you send or receive high value or high volume transactions, or where we need to comply with anti-money laundering regulations, we may also need more identification information from you, including a copy of your bank account statements.

In providing the personal data of any individuals other than yourself, including connected persons, you confirm that you have obtained consent from such individuals to disclose their personal data to us or are otherwise entitled to provide this information to us. You also confirm that you have brought this Policy to their attention if legally necessary, and have received their consent to our collection, use and disclosure of such personal data for the purposes set out in this Policy. The term ‘connected person’ means an individual connected to GXEGY through the use of our Services and could be an account holder, payment beneficiary, recipient of a designated payment, guarantor, director, shareholder, partners or members of a partnership, trustee, authorised signatory of a designated account, a friend you have recommended, individuals in your contact list or any other person who has a relevant relationship with GXEGY.

If you enable your discoverability feature for some of our Services we will generate a link and a nickname on your behalf to be shared. Such a link may include your name, business name, account details, nickname and, at your option, your avatar or photograph.

Please ensure that your personal data is current, complete and accurate by logging onto your account and updating it whenever necessary.

As part of our identity verification process we collect, use and store biometric data, namely:

We extract face scan information from photos and videos to compare pictures of you on identity documents with each other and with a selfie that you provide to verify your identity and for anti-fraud checks, and to improve these processes. We may ask you to specifically consent to the collection, use and storage of your biometric data during the verification process, where privacy regulations require it in your jurisdiction. If you do not consent, we offer alternate methods to verify your identity which may take longer. The same documents and photos are required for both processes. We will not disclose or disseminate any biometric data to anyone other than our identity verification providers, or when required by applicable laws and regulations, or pursuant to a valid order from a court. We never sell, lease, trade or other GXEGY benefit from your biometric data. We will retain biometric data for the period necessary to complete the identity verification process, and in any case no longer than 1 year after collection, unless required by law or legal process to keep it longer.

We monitor the way you login and interact with our website or app in order to validate your identity and support the detection of fraudulent and suspicious attempts to access your GXEGY account;

If you consent to linking your bank account to your GXEGY account for the purpose of satisfying regulatory verification, we may also process a limited amount of sensitive data when we carry out verification of your financial documents.

Your jurisdiction may have rules that classify other information described in section 2 as sensitive. All sensitive information is subject to appropriate levels of protection;

Children’s data. Our products and services are directed at adults, and are not intended for children. We therefore do not knowingly collect data from children. Any data collected from a child before their age is determined will be deleted.

How we protect your personal information

 We take the safeguarding of your information very seriously. The transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data during transmission, and any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to ensure it stays secure, including:

Communications over the Internet between you and Wise systems are encrypted using strong asymmetric encryption. This makes it unreadable to anyone who might be listening in;

We update and patch our servers in a timely manner;

We run a Responsible Disclosure and bug bounty program to identify any security issues in GXEGY services;

Our technical security team proactively monitors for abnormal and malicious activity in our servers and services;

When information you’ve given us is not in active use, it is encrypted at rest.

We are regularly audited to confirm we remain compliant with our security certifications, including SOC 2 and PCI-DSS. As part of these audits, our security is validated by external auditors.

We restrict access to your personal information to those employees of Wise who have a business reason for knowing such information and third party service providers’ processing data on our behalf. All GXEGY employees who have access to your personal data are required to adhere to this Policy and all third-party service providers are requested by GXEGY to ensure appropriate safeguards are in place. In addition, contracts are in place with third-party service providers that have access to your personal data, to ensure that the level of security and protective measures required in your jurisdiction is in place, and that your personal data is processed only as instructed by GXEGY.

We continuously educate and train our employees about the importance of confidentiality and privacy of customer personal information. We maintain physical, technical and organisational safeguards that comply with applicable laws and regulations to protect your personal information from unauthorised access.

Ways we use your information

 Lawful basis: We will only use your personal data when the law allows us to. Depending on the country in which you are in, we rely on the following legal bases to process your personal data:

Where you have given us your consent to process your data - please note that when we are processing your personal data on the basis of consent, the applicable local regulations apply;

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

Where we have a legal obligation to process your personal data to comply with laws, regulations or court orders;

Where it is necessary to fulfil our obligations under a contract with you;

Where it is necessary to protect the vital interests of yourself or other individuals.