Xumi Privacy Notice
What personal information do we collect?
- We collect only that information you provide to us in connection with the calls to action on our Website. This information includes, without limitation, your name and e-mail address.
- Our Platform also automatically collects certain information about the way our Platform is used.
Why do we collect personal information and how is it used?
- Information that you provide to us is used to communicate with you.
- Information collected from is used to verify your identity and protect you and us from fraud.
- Information collected by our Platform is used to monitor and improve the functioning and security of the Platform.
- Information necessary for card issuers and merchant acquirers to establish tokenization and/or establish a merchant account for the purposes of accepting payments.
Is personal information shared or disclosed?
- We share information with our Service Providers.
- We may also disclose information in other circumstances as required or permitted by law (e.g., to law enforcement), or in the event of a business transaction.
How do we protect personal information?
- We have implemented safeguards to protect personal information under our control, and regularly review our practices to ensure they align with reasonable practices appropriate to the level of sensitivity of the information, in order to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.
What are the risks?
- Although we take steps to safeguard the personal information under our control, “perfect security” does not exist online or elsewhere. In particular, we cannot guarantee the security of information posted or transmitted using the Platform, our Website or via email. It is possible that third parties may unlawfully intercept or access such information.
What are your choices?
- You may request access to and review of your personal information in our possession, subject to certain limitations.
- Clients may also request that we change or delete their personal information in our possession, which we will make best efforts to comply with subject to certain limitations.
What else should you know?
- Some of our Service Providers transfer and/or store personal information outside Canada. This means that your information may be accessible to foreign courts, law enforcement and national security authorities.
- You can contact us with questions, complaints or to access your personal information.
Who Are We?
Xumi applications are available on xumi.ca (our “Website”) and associated commercial application websites, API’s or our consumer or merchant applications (the “Platform”).
What is Personal Information?
Personal information is any information that identifies you, or by which your identity could be deduced. It does not include aggregate or de-identified information that cannot be directly or indirectly linked to you.
It does not include information that is publicly available, as defined by applicable laws.
Why Do We Collect Personal Information from You?
We collect your personal information to:
- Establish your identity;
- Communicate with you concerning Xumi, including responding to any inquiries you may submit;
- Comply with legal and regulatory requirements, including but not limited to anti- money laundering laws;
- Establish a secure token to replace credit card details for payment purposes, and
- Establish a secure merchant account for the purpose of accepting secure token payments
What Personal Information Do We Collect About You?
The personal information we collect from you includes:
- E-mail address,
- Billing address, and
- Mobile Phone number
How Do We Collect Your Personal Information?
We collect your personal information when you submit it to us through the Website. We continue to collect and update personal information throughout our relationship with you.
For example, we collect personal information from you directly through:
- On boarding process of the Xumi application(s); and
- Your requests to our Websites.
We also collect some personal information from third parties and other sources, if necessary , as follows:
- Merchant Acquirer
- Payment Gateway
- Token Service Provider
Our Web Sites
In addition, each time you visit our Platform, we gather the date, time, browser type, name of the visitor’s Internet service provider, the site that referred the visitor to us, any pages that are requested, and the navigation history and IP address of the visitor. We also use Google Analytics to track your interaction with the Platform, including without limitation, your traffic sources and your activity on the Platform. The foregoing information does not generally contain anything that can identify users personally. If you object to this gathering of information, you should not use or access our Platform. We use this information for our internal security audit log, trend analysis and system administration, and to gather broad demographic information about our user base for aggregate use. This information may be shared with third parties in order to provide services to us or to analyze, store or aggregate the information.
Our Website uses “cookies” and similar technologies like single-pixel GIFs and web beacons. A “cookie” is a text file that is sent to your computer or device and from your computer each time you use the site. Cookies can track how and when you use the Website and which site you visited immediately before. A cookie does not damage your system and identifies your browser, not you personally.
- average time spent browsing;
- pages viewed;
- information searched for;
- access times;
- response rates to online or email advertising; and
- any other relevant information about your online experience.
If you are an anonymous visitor, the information in this paragraph does not personally identify you but rather numerically identifies your device, and we share this cookie’s information with a third party marketing provider that will use it to deliver marketing about us to you while you visit other sites on the internet.
If you do not wish to receive cookies, you may be able to disable them. Although this may provide you with enhanced anonymity, it may affect the functioning of our Website.
To the extent that our Website contains links to other sites, the owners of those sites are responsible for the privacy practices or content of those other sites. We do not endorse and will not be responsible for the privacy practices on third party websites.
How Do We Obtain Your Consent for the Collection, Use and Disclosure of Your Personal Information?
Consent for the collection, use and disclosure of personal information may be expressly given or implied. Your express consent may be given in writing, verbally or through electronic means. Your implied consent may be given through an action you have taken, such as supplying your personal information for a specified purpose.
What Do We Do With Your Information?
Your information will only be used by Xumi for the purposes outlined above under “Why Do We Collect Personal Information from You?” Your personal information will be accessible to customer support, account verification and IT staff, who have a need to know such information for the purposes outlined above.
Your information is generally stored online, in servers located in Canada. Although we do not transfer your information outside Canada, some of our service providers may do so (as explained further below).
We do not sell personal information provided to us by you, or disclose it to any third party marketers. However, information may be shared or disclosed to third parties in the following circumstances:
Third Party Services
These Third Party Service Providers are authorized to use your personal information only as necessary to provide these services to us, and in a manner consistent with this Policy. We have selected Third Party Service Providers who will only use your information in compliance with this Policy, but they may have their own specific policies regarding the collection, use and disclosure of personal information.
In the event that you dispute any transaction carried on using your Account, including but not limited to requests for refunds, we will disclose any or all of your personal information to the relevant payment provider for the purpose of facilitating investigation and resolution of such dispute. For the avoidance of doubt, this may involve disclosure of your photo identification and other personal information to third parties. Xumi is not responsible for any use, disclosure or failure to protect information by such payment providers.
We may be involved, from time to time, in transactions to sell all or part of our business or assets or merge with other businesses. Since our customer information may be part
of such transactions, we may disclose this information to other parties involved in the transaction. In such cases, the information that is shared is limited to what is necessary to accomplish the transaction, and we use contractual measures to protect the information from improper use or disclosure.
There are a number of other circumstances where we may collect, use or disclose personal information without consent when required or permitted by law.
From time to time, we may be compelled by legal action to release information (e.g., statutory reporting obligation, search warrant, court order, bankruptcy or insolvency proceedings etc.).
In certain circumstances, we may also be permitted by law to collect, use or disclose information without the consent of the individual concerned. For example, we may disclose personal information without consent if it is to be used in an emergency that threatens the life, health or security of the individual, when investigating a potential breach of contract or law, or when collecting unpaid amounts owed or owing to us.
How Do We Protect Your Personal Information?
We protect your personal information using appropriate physical, technological and organizational safeguards, including but not limited to:
- all connections to the Platform are encrypted using SSL;
- all servers are protected by multiple firewalls; and
- our employees receive training respecting secure and confidential handling of personal information.
We regularly review our practices to ensure they align with reasonable industry practices appropriate to the level of sensitivity to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.
Despite using the Safeguards outlined above, “perfect security” does not exist, particularly online. We cannot guarantee the security of information posted or transmitted via our Website, the Platform, or online. It is possible that third parties may unlawfully intercept or access such information.
If you think someone is impersonating Xumi, there has been a breach of your personal information, you may be the victim of fraud, or your Account credentials may have been compromised, please notify us as soon as possible at firstname.lastname@example.org.
How Do We Retain Personal Information?
We generally keep personal information for only as long as it is needed to accomplish the purposes for which it was collected, or as needed for authorized or legitimate purposes. More specifically, we retain your personal information as long as necessary for the fulfillment of the identified purposes for its collection or as otherwise necessary to comply with applicable laws or protect our interests. When personal information is no longer necessary or relevant for the identified purposes, or is required to be retained by applicable laws, we will take steps to have it deleted, destroyed, erased, aggregated or made anonymous. Xumi uses reasonable industry practices to ensure we have adequate controls, schedules and practices for information and records retention and destruction which apply to your personal information.
Accessing and Keeping Your Personal Information Accurate
We endeavor to ensure that any personal information provided to us by you is as accurate, current, and complete as necessary in order to meet the reason for which it was obtained.
For example, the following mechanisms allow individuals the opportunity to alert us of any potential inaccuracies in the information that we hold about them:
Clients may request access to and review of their personal information in our possession. However, access may be declined where permitted or required by applicable law, which may include (without limitation) the following circumstances:
- the information is protected by solicitor-client privilege;
- disclosure of the personal information would compromise the confidentiality of another individual or threaten the safety of another person; or
- non-disclosure of the personal information is required or permitted by law.
2. Requests to Change or Delete Personal Information
Clients may request that we change or delete their personal information in our possession. We reserve the right not to change any personal information if we do not agree that it is inaccurate or outdated, but will append any alternative text the individual concerned believes appropriate.
Where a request for access, alteration, or deletion of personal information is declined, we will provide reasons for declining the request.
Resolving your questions and concerns