Privacy Policy

UPDATED July 1st, 2024

Introduction

The following is the privacy policy (the “Privacy Policy”) of Xenea Initiative DMCC (the “Company”, “we”, “us” or “our”), a company incorporated in the Dubai Multi-Commodities Centre, United Arab Emirates. The Company collects information about you (“User”, “you”, “your”) from various sources when you access and/or use the website https://xenea.io (the “Website”) and/or access or use to provide any of our services Services to you, to protect our legitimate interests, to analyze and improve our Services, to communicate with you, and to comply with our legal and regulatory obligations. This Privacy Policy (“Privacy Policy”) covers our treatment of the personally identifiable information that we gather when you access or use our Services.

Please note that we take the protection of personal data very seriously.

The Privacy Policy applies to the services provided by the Company and the Website (collectively, the “Services”), but excludes any products, applications or services that have separate privacy policies which do not incorporate this Privacy Policy. For the purposes of the General Data Protection Regulation of the European Union (EU), the Personal Data Protection Law 2021 of the United Arab Emirates (UAE) and data protection laws of other relevant jurisdictions where Users are located (collectively, the “Data Protection Laws”), the Company is a data controller (i.e., the company who is responsible for, and controls the processing of, your Personal Data, as defined herein).

IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY, THEN PLEASE DO NOT ENTER THE WEBSITE OR USE OR ACCESS ANY OF OUR SERVICES.

From time to time, we may revise or amend this Privacy Policy to reflect changes in law, our Personal Data collection and use practices, the features of the Services, or advances in technology. This Privacy Policy does not cover the practices of entities we do not own or control, or people we do not manage.

By accessing and/or using our Services, you shall be deemed to consent to all terms and conditions in this Privacy Policy.

If you have any questions or requests regarding this Privacy Policy, please contact our Data Protection Officer at the contact details provided below (at the end of this Privacy Policy).

What Personal Data we collect

To the fullest extent permitted under applicable Data Protection Laws, we may collect the following data and information (collectively, “Personal Data”):

• Full name, date of birth, gender, country of residence, username, passwords, tax numbers, and data included in government-issued identification documents;
• Financial information, sources of wealth or funds or income, level of activity anticipated, distributed ledger network wallet addresses;
• Personal Documents such as government-issued IDs, passport, bank statements, utility bills, internet bills, income, account balances, financial transaction history, credit history, tax information, and credit scores, and other forms of identification, address verification and source of funds and wealth verification;
• Corporate information such as legal entity name, doing business as name, legal domicile, fiscal domicile, object;
• Corporate documents such as certificate of registration, constitution, memorandum & articles of association, board resolution and/or power of attorney, register of directors and shareholders, certificate of incumbency, and financial statements;
• Information about how you access and use our Services, such as your actions on the Services, including your interaction with others on the Services, photos, and status information you provide;
• Contact lists on your mobile device or in your email accounts so that you can identify your contacts on the Services and invite your contacts to use our Services;
• Communications between the Company and you including emails, social media messages, job applications, and customer support requests, messages (including their content) that you send or receive via the Services;
• Current and historical information concerning your geographic location, GPS location, transaction location, and IP address, used for the purposes of analytics and fraud prevention. When you use our website, we use Google Analytics cookies to identify areas of improvement and usage patterns. You can find out more about how Google uses cookies and data from websites that use Google services by visiting Privacy Policy;
• Information about your device and its software, such as your IP address, browser type, Internet service provider, platform/operating system, date/time stamp, and referring/exit pages;

We may monitor, record, and store your personal information in order to protect your safety or the safety of other users, to assist with regulatory or law enforcement efforts, or to protect and defend our rights and property. By using the Services, you consent to the recording, storage and disclosure of such communications you send or receive for these purposes.

The Services are not available to anyone under the age of eighteen (18) (“Minors”). The Company will never knowingly collect information from or market to Minors.

We need your Personal Data to provide the Services to you and/or perform our contractual obligations to you. Without providing your Personal Data, we will not be able to provide you all of our Services.

How we use your Personal Data

To the fullest extent permitted under applicable under Data Protection Laws, we use your information to:

• Provide any information or Services that you have requested or ordered;
• Compare information for accuracy and to verify it with third parties;
• Provide, maintain, protect and improve our Services;
• Manage, monitor, and administer your use of the Services and provide an enhanced, personal, user experience;
• Manage our relationship with you (for example, customer services and technical support activities);
• Undertake internal testing of the Services or systems to test and improve their security and performance. In these circumstances, we would anonymize any information used for such testing purposes;
• Provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
• Detect, prevent, investigate or remediate, crime, illegal or to otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes);
• Contact you to see if you would like to take part in our customer research (for example, feedback on your use of our Services);
• Monitor, carry out statistical analysis and benchmarking (provided that in such circumstances it is on an anonymized basis);
• Deliver advertising, marketing (including but not limited to in-product messaging) or information which may be useful to you, based on your use of the Services;
• Deliver joint content and services with third parties with whom you have a separate relationship (for example, social media providers);
• In addition to the legal and commercial uses listed above, we may be required to provide any and all personal data (irrespective of format, whether visual, audio or otherwise) to regulators, law enforcement agencies and other third parties for the purposes of preventing, detecting, investigation, prosecuting crimes (included but not limited to money laundering and terrorism financing);

The Services may contain technology that enables us to:

• Check specific information from your device or systems directly relevant to your use of the Services against our records to make sure the Services can be used in accordance with our end-user agreements and to troubleshoot any problems;
• Obtain information relating to any technical errors or other issues with our Services;
• Collect information about how you use the features of our Services; and
• Gather statistical information about the operating system and environment from which you access our Services.

If you become a follower of the Company in social networks, the processing of Personal Data will be governed by the conditions of the social network itself.

The Company will treat your Personal Data in order to correctly manage your presence in the social network, inform you about the Company activities or services, as well as for any other purpose that the regulations of social networks allow.

In no case will the Company use the profiles of followers in social networks to send advertising individually.

Legal basis for processing Personal Data

We collect your Personal Data for the following purposes:

• Based on your explicit consent, for marketing purposes, which can be revoked at any time;
• Where necessary to perform any contract we enter into, or have entered into, with you to provide Services or to take steps at your request before entering into a contract;
• Where necessary for our legitimate business interests (or those of a third party) when your interests and fundamental rights do not override those interests;
• Where necessary to protect the vital interests of any individual, when your interests and fundament.
• Where necessary for public interest or in the exercise of official authority;
• Where we need to comply with a legal or regulatory obligation either in the EU, the UAE or elsewhere.

Your legal rights

• The right to access your own Personal Data.
• The right to request information about how your Personal Data has been used and disclosed.
• The right to have your Personal Data rectified if it is inaccurate or incomplete.
• The right to request deletion or removal of your Personal Data where there is no good reason for processing it.
• The right to restrict processing of your Personal Data where there is no good reason for processing it.
• The right to data portability to enable moving, copying or transferring of Personal Data from one place to another.
• The right to object to the processing of your Personal Data in certain circumstances.
• Rights relating to profiling and automated decision making resulting from the processing of your Personal Data.

The exercise of these rights is personal and therefore must be exercised directly by the interested party, requesting it directly to the Company, which means that any User, subscriber or collaborator who has provided their data at any time can contact the Company and request information about the data that it has stored and how it has been obtained, request the rectification of the same, request the portability of your Personal Data, oppose the processing, limit its use or request the cancellation of that data in Company’s files.

To exercise the rights of access, rectification, cancellation, portability and opposition, you must send an email to the Data Protection Officer together with a valid proof of identity such as a Government-issued ID document.

You may opt-out of any future contacts from us at any time. You can do the following at any time by contacting us via the contact form given on our website. In certain circumstances, you can also exercise the rights available to you and described below:

• Right to withdraw consent at any time – in circumstances where we ask for your consent to process your Personal Data, you have the right to withdraw it at any time. You will generally be able to do so by contacting us. However, if you do withdraw your consent, we may not be able to provide certain Services to you.
• You have the right to complain to the relevant competent authorities about our collection, use and disclosure of personal data. For instance, the Personal Data Protection Commission of the United Arab Emirates, or the relevant competent authorities of the relevant EU Member State.

If you wish to exercise any of the rights set out above, please contact our Data Protection Officer at the contact details set out below. When applicable, and subject to your country of residence or domicile, you may be charged with a reasonable fee for our processing of access requests, but not for processing a correction Please note that in some cases we may reject requests for certain reasons (for example, if the request is unlawful or if it may infringe on the rights of others or if the request is clearly unfounded, repetitive or excessive).

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. However it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

For the avoidance of doubt, when we collect Personal Data for marketing purposes only based on your consent, the withdrawal of such consent at any time will not affect the lawfulness of the processing based on such consent before withdrawal.

Persons who may access your Personal Data

The Company’s authorized personnel, including but not limited to our Data Protection Officer, shall be allowed access to your Personal Data in order to deliver the Services to you.

We may engage from time to time to third-party service providers, and/or contractors to assist the Company with the delivery of our Services. To the extent that these third-party service providers and/or contractors collect, store, use, and/or process your Personal Data, these will always be subject to confidentiality agreements, to this Privacy Policy and the applicable data protection laws.

Disclosure of Personal Data

We do not share, rent, or sell the personal data that you provide us with other organizations without your express consent, except as described in this Privacy Policy.

Subject to applicable laws, we may disclose personal data to third parties without your consent under the following circumstances:

• Business Transfers. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
• Compliance with Laws and Law Enforcement; Protection and Safety. We may share personal data for legal, protection, compliance, and safety purposes.
• Auditors, Professional Advisors and Service Providers. We may share Personal Data with those who need it to do work for us, including but not limited to auditors, professional advisors (including lawyers, accountants, bankers), and other service providers engaged by us.
• Group. We may share personal data with our related corporations, parent company, subsidiaries and affiliates.
• Marketing Activities. In case you have consented to receiving information/newsletters from us, we may share your personal data with third party service providers that help us deliver our marketing and advertising campaigns and initiatives.
• Other. You may permit us to share your personal data with other companies or entities of your choosing. Those uses will be subject to the privacy policies of the recipient entity or entities.

Transfer of your Personal Data to Another Country

The Company may share your Personal Data with recipients based outside of your country of residence to carry out the Services. The Company may transfer data to countries which may not have equivalent data protection standards. In the event of a data transfer outside of your country of residence, the Company will take appropriate measures to ensure that any recipient offers an adequate level of protection to the Personal Data, including complying with this Privacy Policy.

Personal Data Retention

We will retain your Personal Data for as long as it is necessary for the purposes of performing a contract to which you, as a data subject, are party or in order to take steps at your request prior to entering into a contract, and for a period of time following the expiration or termination of such contract as may be needed for us to comply with our regulatory and legal obligations, including compliance with anti-money laundering and counter-terrorist financing obligations.

To determine the appropriate retention period for your Personal Data, we consider the type of products and services requested by, and provided to, you, the nature of the Personal Data collected, the existence and duration of our relationship with you, the possible necessity of retaining certain data in anticipation of or relation to legal action that may arise from the termination of our relationship, mandatory retention periods prescribed by law and the statute of limitations.

Personal Data Security

To protect your Personal Data, the Company takes all reasonable precautions and follows the best practices in the industry to prevent its loss, misuse, unauthorized access, disclosure, modification or destruction.

In addition to the purposes described in this section, we may also use information we gather to deliver and personalize communications to you (for example, newsletters and emails) and to provide customer support.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, the transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

Content from other Services

The Services may include embedded content (for example, videos, images, articles, etc.). The embedded content from other Services behaves in the exact same way as if you had visited the other Services’ website or mobile application (hereafter, the “Third-Party Sites”).

These Third-Party Sites may collect data about you, use cookies, embed an additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are connected.

Please be aware that we are not responsible for the content or privacy practices of the Third-Party Sites. We encourage our Users to be aware when they leave our Services and to read the privacy statements of each and every site that collects Personal Data.

Cookies

Our Services use cookies. By accessing our Services we will inform you, through a pop-up banner, of the use of cookies.

1. About cookies

Cookies are files, often with unique identifiers, that web servers send to Internet browsers and can then be sent back to the server each time the browser requests a page from the server.

Web servers use cookies to identify and track users while browsing the different pages of Services, as well as to identify users returning to Services.

Cookies can be “persistent” cookies or “session cookies”. A persistent cookie consists of a text file sent by a web server to an Internet browser, which is stored by the browser and remains valid until the defined expiration date (unless the user deletes it before the expiration date). On the other hand, a session cookie expires at the end of the user’s session, when the Internet browser is closed.

2. Cookies from the Services

On our Services, including our Website, and mobile applications, we use session and persistent cookies.

We will send you the following cookies:

a. Session Cookies

b. Google Analytics: This cookie allows us to identify unique users, unique sessions, regulate the request rate, and store the traffic source to which the user can be attributed.

Cookie 1 is a session cookie, while Cookie 2 is a persistent cookie.

3. How we use cookies

Cookies do not contain personally identifiable information, but we have the possibility of linking the personal information we store about you to the information obtained and stored through cookies.

We use the information we obtain from the use of our cookies for the following purposes:

a. Recognize your computer when you access and/or use our Services.

b. Improve the usability of the Services.

c. Analyze the use of our Services.

d. Manage the Services.

e. Third party cookies

When you use the Services, you may also be sent third-party cookies.

Our service providers can send you cookies. They use the information they obtain through their cookies to:

a. Track your browser on different Services.

b. Create a profile of your Internet browsing.

c. Select specific ads that may be of interest.

4. Deletion and blocking of cookies

You can, at any time, restrict, block or delete cookies from the Services. To do this, you must modify the configuration of each browser. The following links detail how to block and/or manage the use of cookies on each main browser:

• https://support.google.com/chrome/answer/95647 (Chrome);

• https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-Services-preferences (Firefox);

• https://help.opera.com/en/latest/security-and-privacy/ (Opera);

• https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

• https://support.apple.com/en-gb/guide/safari/manage-cookies-and-Services-data-sfri11471/mac (Safari); and

• https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

Navigation

When accessing and/or using the Services, non-identifying data may be collected, which may include the IP address, geolocation, a record of how the services and Services are used, the browsing habits and other data that may not be used to identify you.

The Services use the following third-party analysis services: Google Analytics

The Company uses the information obtained to obtain statistical data, analyze trends, administer the website, study browsing patterns and to gather demographic information.

Accuracy and veracity of Personal Data

You declare to have been informed of the conditions on protection of Personal Data, You accept and consent to the processing of the same in the manner and for the purposes indicated in this privacy policy.

Contact Data Protection Officer

For any questions or requests regarding this Privacy Policy, or to exercise the rights of access, rectification, cancellation, portability and opposition, you must contact our Data Protection Officer at:

Email: info@xenea.io

Address: Unit No: RET-R5-089 Detached Retail R5 Plot No: JLT-PH2-RET-R5 Jumeirah Lakes Towers Dubai United Arab Emirates

When writing to our Data Protection Officer, please indicate:

• your full name and contact information;
• a government-issued ID for identification purposes;
• a description of your query or request; and
• the nature of your query or request in the subject header (for example, Correction of Personal Data Request, or Personal Data Access Request).

Change of Operatorship

In case of incorporation, acquisition, merger or any other causes that cause the change of Operatorship of the Services, you expressly consent that your registration data and information are transferred by the Company to the new Operator and that the new Operator has the same obligations regarding your personal data and these Terms of Service.

Amendment to this Privacy Policy

We continually improve our methods of communication and add new functionality and features to our platforms and to our websites. Because of these ongoing changes, changes in the law and the changing nature of technology, the Company’s data practices will change from time to time. If and when the Company’s data practices change, the Company will change its Privacy Policy accordingly and post the updated Privacy Policy on the website. We encourage you to check this page frequently.

Notice to California and Virginia Residents

Our Services are currently designed for use only outside of the United States. You should not use our Service if you are a United States based person.

However, in the case we collect Personal Data from California and Virginia residents, this section provides additional information about how we process such data. It should be read in conjunction with California Consumer Privacy Act (“CCPA”) and the Virginia Consumer Data Protection Act (“VCDPA”).

Subject to certain limitations and exceptions, the CCPA and VCDPA provide California and Virginia residents the right to:

• Confirm whether the Company processes your Personal Data;
• Correct inaccurate Personal Data;
• Request details (in a readily usable format) about the categories and specific elements of Personal Data collected;
• Delete your Personal Data;
• Opt out of any sales, sharing, targeted advertising, or profiling for certain decisions (as these terms are defined by applicable state law); and
• Not be discriminated against for exercising these rights.

We do not sell information about you to third parties. In order to help the Company deliver advertising, analytics, and web hosting services, your personal data may be shared with third parties in a manner that may be considered a “sale” under the CCPA or “sharing” for targeted advertising under the CCPA and VCDPA.

We collect the following categories of personal information: identifiers (such as name, email address); device and online identifiers and related information (such as, device, application, or browser type, IP address); internet or other electronic network activity information (such as browsing history, search history, and information regarding interactions with our websites, emails, or ads); general geolocation data (such as IP-address based location); and other information you provide.

California and Virginia residents may make a request to exercise rights under the CCPA and VCDPA, respectively, by contacting us at the contact details provided in this Privacy Policy.

Services Operator

The Services are operated by Xenea Initiative DMCC, a company registered in the Dubai Multi-Commodities Centre, United Arab Emirates.