Ixaris is committed to respecting our customers’ privacy and protecting their personal information from misuse or
2. BUSINESS SUMMARY
Ixaris is a Fintech company, specialising in the business area of payments and facilitating travel and commercial payments, using a flexible and extensible payments platform.
|Organisation Size||130-150 Staff|
|Locations||London and Malta|
3. ORGANISATION CONTACT DETAILS
Data Controller Details
Email Address: firstname.lastname@example.org
Postal Address: 2 Stephen Street, London W1T 1AN, United Kingdom
Data Protection Officer Details
Name: Denise Vella
email Address: email@example.com
4. DESCRIPTION OF PROCESSING
The following is a very broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation directly to ask about your personal circumstances. We process personal information to enable us:
- to provide payment and associated services,
- to maintain our accounts and records,
- to promote our services
- to correspond with you and offer support
- to comply with legal obligations
- to prevent malicious activity
5. DATA WE COLLECT – ONLINE SERVICES
From our website:
and our website’s associated contact forms:
From our Careers page:
Job Application Forms:
From our contact email addresses:
Email address: firstname.lastname@example.org
From our Support email addresses:
Depending on which of our services you use we may collect the following information:
Your Company/Organization details
Information you may enter on our contact form regarding your inquiry.
From people who are interested in a career at Ixaris we will also collect your address, CV and any information it contains as well as your desired remuneration. From our job application page, we may also collect any links you send us to any Website, Blog, portfolio and Linkedin link and information you may enter on “How did you hear about this job?” form.
From any emails you send to our contact or support email addresses we will collect all the information you write in the email.
For business users who make use of our services and business consoles we may collect:
Business Address/city/state/country/Postal code
Title, Name, Surname
Email, Email Content
Business phone number, Mobile number
Login/Logout Details/session information/IP address/ Login country/
Authentication details/security question and answer
Customer service communication
Travel agency customer personal and travel details, such as contact details and travel details
Credit Card details
6. WHEN, WHY AND HOW WE GAIN CONSENT (LEGAL BASIS)
We will not collect any information about you without your explicit consent.
We will ask your consent every time we need to collect personal information about you unless you are signing up to one of our services when we will then have a contractual obligation to collect this data.
We will explain in clear simple terms why we want to collect your information and what we will do with it before seeking your consent so you are fully informed and you will be given a clear and unambiguous option to opt
7. WHY WE COLLECT PERSONAL INFORMATION
We collect information about you to process the financial services provided by Ixaris.
We collect information about you to manage your account and to protect your account against malicious activity.
We may collect and analyse information for the purpose of providing personalised products.
We also use it to recommend things we think you will like or to notify you about things you’ve told us you like.
We also use your information for business, regulatory and legal purposes such as dealing with any requests you make or content you submit.
We also use the information to get in touch if we need to tell you about something, like a change to our policies or issues with any of our services.
We also collect information for employment purposes.
8. WHO PROCESSES THE DATA YOU COLLECT (WHO ARE THE RECIPIENTS OF YOUR DATA)
We will store and process your data following industry best practice and security.
Some of that processing takes place at Ixaris in London and Malta
Some of the processing may take place in areas outside of the UK and Malta but within the EEA and covered by GDPR.
Where processing takes place by one of our trusted data processors, we ensure that our contracts with those 3rd parties contain the appropriate GDPR model clauses and that all our 3rd parties are also compliant with the GDPR, this affords your data the same protection away from our organisation, as it does within it.
Some of the processing may take place outside of the EEA. Where processing takes place by one of our trusted data processors, we ensure that our contracts with those 3rd parties contain the appropriate GDPR model clauses and that all our 3rd parties are also compliant with the GDPR, this affords your data the same protection away from our organisation, as it does within it.
The data we collect through our online services may be processed by one or more of the following:
- Trusted service providers such as technology, support, marketing, and sales service providers
- Financial Institutions
- Money Laundering prevention companies
- HR partners
- Other companies within the group
9. WHERE WE MIGHT SEND YOUR DATA (GEOGRAPHICALLY)
We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.
We will only consider transferring your data outside of the EU if the following conditions are met.
A transfer, or set of transfers, may be made where the transfer is:
Made with your explicit informed consent;
Necessary for the performance of a contract between the you and this organisation or for pre-contractual steps we need to take at your request;
Necessary for the performance of a contract made in your interest between this organisation and another person;
Necessary for important reasons of public interest;
Necessary for the establishment, exercise or defence of legal claims;
Necessary to protect your vital interests or those of other persons, where you are physically or legally incapable of giving consent;
Made from a register which under UK or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register).
10. HOW LONG DO WE KEEP YOUR DATA
We keep your information in line with our data retention policy. For example:
- we keep transaction information for a period of seven years from the end of our relationship with you;
- we keep your personal account information for a period of five years from
- when you apply for a job with us, we keep your CV and correspondence for a period of one year.
This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate business purposes, such as to respond to queries or complaints, fighting fraud and financial crime and responding to requests from regulators. Information that exceeds the retention periods is deleted or removed using industry best practices.
11. YOUR RIGHTS AS AN INDIVIDUAL IN RESPECT TO DATA WE HOLD
We respect the rights and freedoms of individuals and as such we would like to make you aware of the following. You have the:
Right to access – you can ask us whether we’re processing your personal data, including where and for what purpose. You can also request an electronic copy of your personal data free of charge
Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data
Right to rectification – you can ask us to correct inaccurate personal data we hold about you
Right to erasure (right to be forgotten) – in certain circumstances, you can ask us to erase your personal data
Right to data portability – you can ask us to provide you with a copy of your personal data in a commonly used electronic format so that you can transfer it to other businesses
Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data that produce significant legal effects
Right to lodge a complaint – you can lodge a complaint with us or your local data protection authority
To exercise your rights above please contact our Data Protection Officer, Data Controller or Company representative via any of the channels provided.
You also have the right to lodge a complaint with our supervisory authority. Ixaris’s main establishment is Malta, thus its supervisory authority is the IDPC in Malta. Their contact details are as follows: https://idpc.org.mt/en/Pages/contact/complaints.aspx
Quick links for exercising your rights:
DPO email Address: email@example.com
Controller email address: firstname.lastname@example.org
12. DATA SOURCES – WHERE DID YOU GET MY DATA
Any and all data in respect of – Data We Collect, is collected directly from you, the individual.
We do not collect any of your personal data from any other sources. This includes any publicly accessible list and or data sources, whether in the public domain or if we have a legitimate interest to be able to access those sources legally.