GDPR Compliance
Last Updated: October 26, 2025
At XALIUM, we are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and what rights you have regarding your personal data.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union (EU) and European Economic Area (EEA), regardless of where the organization is located.
GDPR establishes strict rules for:
- How personal data can be collected, processed, and stored
- Individual rights regarding their personal data
- Organizational responsibilities for data protection
- Penalties for non-compliance
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
1. Right to Access
You have the right to request access to the personal data we hold about you. This includes:
- Confirmation that we are processing your data
- Access to your personal data
- Information about how we process your data
2. Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
3. Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data in certain circumstances, such as:
- The data is no longer necessary for the purpose it was collected
- You withdraw your consent
- The data has been unlawfully processed
- You object to the processing and there are no overriding legitimate grounds
4. Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances.
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
6. Right to Object
You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
7. Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect you.
8. Right to Withdraw Consent
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
Data Collection and Lawful Basis
We collect and process personal data only when we have a lawful basis to do so. Our lawful bases include:
| Lawful Basis | Description | Examples |
|---|---|---|
| Consent | You have given clear consent for us to process your data | Marketing emails, optional features |
| Contract | Processing is necessary to fulfill a contract with you | Account creation, service delivery |
| Legal Obligation | Processing is necessary to comply with legal requirements | Tax records, fraud prevention |
| Legitimate Interest | Processing is necessary for our legitimate interests | Security, analytics, service improvement |
Personal Data We Collect
- Account Information: Name, email address, password (encrypted)
- Broker Credentials: MT5 account details (encrypted)
- Trading Data: Signal history, trade executions, performance metrics
- Payment Information: Processed securely by our payment providers
- Usage Data: IP address, browser type, access times, pages viewed
- Communication Data: Support tickets, correspondence with our team
Data Processing and Transfers
How We Process Your Data
We process your personal data for the following purposes:
- Providing and maintaining our trading automation service
- Executing trades based on your TradingView alerts
- Managing your account and subscription
- Processing payments and preventing fraud
- Providing customer support
- Improving our services and developing new features
- Complying with legal obligations
- Sending important service notifications
International Data Transfers
Your personal data may be transferred to and processed in countries outside the EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for certain countries
- Binding Corporate Rules
Third-Party Processors
We work with carefully selected third-party service providers who process data on our behalf. All processors are bound by Data Processing Agreements (DPAs) and must comply with GDPR requirements.
Our Third-Party Processors Include
Cloud hosting providers, payment processors, email service providers, and analytics services. We ensure all processors maintain appropriate technical and organizational security measures.
Data Security Measures
We implement comprehensive security measures to protect your personal data:
Technical Measures
- Encryption: AES-256 encryption for sensitive data at rest and in transit (TLS/SSL)
- Access Controls: Role-based access control following the principle of least privilege
- Authentication: Strong password requirements and session management
- Monitoring: 24/7 security monitoring and intrusion detection systems
- Backups: Regular encrypted backups with disaster recovery procedures
Organizational Measures
- Regular security audits and penetration testing
- Employee training on data protection and GDPR compliance
- Data breach notification procedures
- Privacy by design and by default principles
- Regular review and update of security policies
Data Breach Notification
In the unlikely event of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours (where required)
- Inform affected individuals without undue delay if the breach poses a high risk
- Document all breaches and our response measures
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 30 days | Service provision and legal requirements |
| Trading Data | Duration of account + 7 years | Legal and regulatory compliance |
| Payment Records | 7 years after last transaction | Tax and accounting obligations |
| Support Communications | 3 years after last contact | Customer service and dispute resolution |
| Marketing Consent | Until consent is withdrawn | Marketing communications |
After the retention period expires, we securely delete or anonymize personal data in accordance with our data retention policy.
How to Exercise Your Rights
You can exercise your GDPR rights by contacting us through the following methods:
1. Through Your Dashboard
- Access and update your account information
- Download your data (data portability)
- Manage your communication preferences
- Delete your account (right to erasure)
2. Contact Our Data Protection Officer
For more complex requests or inquiries:
- Email: [email protected]
- Subject Line: GDPR Rights Request
Request Processing
When you submit a request, we will:
- Verify your identity to protect your data
- Respond within 30 days (or explain any delay)
- Provide information free of charge (unless requests are manifestly unfounded or excessive)
- Explain any reasons if we cannot fulfill your request
Identity Verification
To protect your privacy and security, we may ask you to verify your identity before processing requests related to your personal data. This may include confirming your email address or answering security questions.
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of:
- Your habitual residence
- Your place of work
- The place of the alleged infringement
You can find your local supervisory authority at: European Data Protection Board
Updates to This Page
We may update this GDPR compliance information from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any material changes by posting the updated information on this page and updating the "Last Updated" date.
Contact Our Data Protection Officer
If you have any questions about GDPR compliance, our data practices, or how we protect your personal data, please contact our Data Protection Officer:
- Email: [email protected]
- General Support: [email protected]
- Website: www.xalium.com