VERSION 1
AUGUST 2024
THIS DOCUMENT IS FOR EXTERNAL USE AND SHALL BE PUBLISHED ON THE COMPANY’S WEBSITE
This privacy policy (the “Policy”) has been developed by and for STIX OTC FZE (referred to as “STIX”, “we”, “us”, “our”, “ours” or “Company”). This Policy is reviewed annually, unless there is a change in regulation that requires to implement an earlier update. The Chief Information Security Officer (“CISO”) who shall be the designated Data Protection Officer (“DPO”), is responsible for the maintenance of this Policy. STIX’s Board of Directors (“Board”) is responsible for approving and monitoring the implementation of this Policy and the related procedures. Upon establishing that an update is required, the CISO proposes changes by presenting them to the Board. Once the Board approval is sought, the changes are incorporated in the Policy.
1.1. This Policy is reviewed annually, unless there is a change in regulation that requires to implement an earlier update. The CISO is responsible for data management and protection including responsibility for maintaining policies, procedures, systems, and controls to protect users’ and or visitors’ personal data and information against misuse, unauthorized access and undue processing and analysis.
1.2. The Board is the approving body for the Policy. Upon establishing that an update is required, the CISO proposes changes by presenting them to the Board of STIX. Once the Board approval is sought and obtained, the approved changes are incorporated in the Policy.
2.1. We STIX, a free zone establishment with limited liability, registered under the Dubai World Trade Centre (“DWTC”) Free Zone, Dubai, United Arab Emirates (“UAE”), are committed to protecting your privacy. This Policy applies to all persons using our website, webapp, pages, features, mobile applications, or other products and services (collectively “Platform”). This Policy governs our data collection, processing, and usage practices. It also describes your choices regarding use, access, and correction of your personal data. Personal data or personal information includes any data or information relating to you which may, by itself, or in combination with other data or information, be able to identify you (“Personal Data”).
2.2. By consenting to this Policy, you, whether in the capacity of a representative of a Buyer, Seller, third party service provider, business partner or visitor (“User” or “you” or “your”) provide your consent to this Policy and to the data processing purposes and practices stated in it. If you do not agree with the data processing purposes and practices stated in this Policy, you may choose to stop using our Platform. We periodically update this Policy. We encourage you to review this Policy periodically.
2.3. All capitalized terms and definitions, not defined in this Policy, have the meaning ascribed to them in our Client Agreement. For terms and definitions capitalised in both this Policy and the Terms and Conditions, the meanings ascribed in this Policy shall prevail for the interpretation of this Policy.
3.1. This Policy has been developed for purposes of compliance with the Federal Decree-Law No. 45 of 2021 on Personal Data Protection (“PDPL”) and the data protection-oriented provisions present in the Consumer Protection Standards issued by the Central Bank of the UAE (“CBUAE”) and Dubai’s Virtual Assets Regulatory Authority’ (“VARA”)’s rulebook(s).
3.2. Without information about you, we may not be able to provide you with our services through the Platform or the support you request or require. Some of the Personal Data we obtain is collected to comply with applicable laws and regulations, including anti-money laundering laws. This Policy explains:
i. The types of Personal Data we collect about you;
ii. How we use Personal Data about you;
iii. Types of information we disclose to third parties and the types of such third parties; and
iv. How we protect your Personal Data;
3.3. We may rely on your consent to process your Personal Data, where applicable. However, we may also process your Personal Data (whether provided directly by you, whether collected by us, or received by us from third parties or otherwise) to satisfy any legal obligations arising from any contracts entered into/ with/ involving you or to deliver any services to you which you have contracted with us to provide to you; or to take steps at your request prior to entering into a contract with you.
3.4. By applying or signing up for services offered through our Platform, you authorize and consent to our obtaining from, and disclosing to, third parties any Personal Data about you as stated in this Policy. Such Personal Data processing, sharing, transfers may be in connection with identity or account verification, fraud detection, or collection procedure, or as may otherwise be allowed or required by applicable law.
3.5. Where consent is the legal basis to process your Personal Data, you can withdraw such consent. Such withdrawal will not affect the lawfulness of processing based on previously recorded consent. Such withdrawal will take effect within 30 calendar days of submission of request. If you wish to submit such a request, please contact us at dpo@stix.co.
3.6. The specific Personal Data we collect, the method by which we collect such data, the purposes for which we collect such data, how we share such information, and how long we retain such data is explained individually, specifically for your clear, simple, and withdrawable consent below in this Policy.
4.1. From time to time, we may revise, amend, or supplement this Policy to reflect necessary changes in law, our Personal Data collection and usage practices, the features of our Platform, or advances in technology. If any material changes are made to this Policy, the changes may be prominently posted on our Platform. However, the onus is also on you to occasionally familiarize yourself with the contents of this Policy, for your own information.
4.2. Changes to this Policy are effective when they are published.
Your Personal Data is collected and processed in accordance with relevant data protection principles, including lawfulness, fairness, and transparency; purpose limitation; collection limitation; data minimization; accuracy; rectification measures; storage limitation; integrity and confidentiality (security); with all relevant laws and regulations considered; and however applicable.
6.1. We process different types of Personal Data, which are set out in the table below together with the lawful basis for such processing and the source of such information.
| Information we process | Purpose / activity | Lawful basis | Mode of Collection |
|---|---|---|---|
| Personal identifiers/details Identity data: includes first name, last name, username, photograph, ID document number. Contact data: includes contact details, billing address, delivery address, email address, and telephone numbers. Profile data: includes the username and password used by our Users or User’s representatives when they log in the Platform. | Register for our Platform. Identity verification. Fulfil any requests you make (e.g., submitting a query on the Platform, subscribing to a communications service, fulfilling requests for information, entering into a competition, promotion, survey etc.). Allow you to participate in any interactive features of our Platform, when you choose to do so. Providing services. | Compliance with law. Your consent. Performance of a contract with you. If the processing is in relation to Personal Data that has become available and known to the public by your act(s). Necessary to comply with a legal obligation. | Our registration, enquiry or contact forms, our direct interactions with you, or our email correspondence with you. Collected by our third-party AML/KYC service providers to comply with applicable laws and made available to us. |
| Sensitive Personal Data Criminal records. | Collected as part of the due diligence process for some of our Users. We may also collect information about criminal convictions and offences but only in the context of fraud or security checks when this is necessary to comply with applicable laws or with any applicable financial services standards or requirements. | Providing services. Compliance with law. Your consent. Performance of a contract with you. If the processing is in relation to Personal Data that has become available and known to the public by your act(s). Necessary to comply with a legal obligation. | Our registration, enquiry or contact forms, our direct interactions with you, or our email correspondence with you. Collected by our third-party AML/KYC service providers to comply with applicable laws and made available to us. |
| Legal proceedings data Details of legal proceedings, details of criminal convictions or related to judicial or security procedures. | In order to ensure that our supply arrangements are put in place in a manner that complies with the law. | Providing services. Compliance with law. Performance of a contract with you. Necessary to comply with a legal obligation. If the processing is in relation to Personal Data that has become available and known to the public by your act(s). | The organisation you work for. Our registration, enquiry or contact forms. Public registers and records. Third party providers of databases containing relevant information. |
| Marketing data Includes your name, position and business details and includes your preferences in receiving marketing from us and our third parties and your communication preferences. | Promote and market our company products and services. Provide you with personal offers tailored to your needs and customising what we show you to your preferences. Distribute information, newsletters, publications, and other communication via various mediums to keep you informed. | Your consent. Performance of our contract with you. | Our registration, enquiry or contact forms, our direct interactions with you, or our email correspondence with you. |
| Feedback and opinions | Customer care. Allow us to answer queries and complaints you may have. Help us evaluate the quality and consistency of our services. Research and develop new product offerings and services. | Your consent. Performance of our contract with you. | Our enquiry or contact forms, and our correspondence with you. |
| Technical Data Includes your internet protocol (“IP”) address, your login data, internet browser and device type, time zone setting, location data and your use of our Platform, including which pages you visited, how you got to our Platform, the time and length of your visit and your language preferences. | Enables us to: monitor the performance and relevance of our Platform and our ad words campaigns; ensure that content from our Platform is presented in the most effective manner for you and for your computer; tailor the content of our Platform for you; and keep our Platform, our other IT systems, and facilities safe and secure (cybersecurity). | Your consent. Performance of our contract with you. | As you interact with our Platform, we will automatically collect Platform communication and usage data about your equipment, browsing actions, and patterns. We collect this personal data through the operation of your browser on your device, by using cookies and other similar technologies. Please see our cookie policy as provided in clause 7 for more information. Third party analytics providers such as Google Analytics. |
| Email interaction | The number of times you open each email we have sent you, whether they have been delivered to you, and which sections you clicked on. Information contained within our correspondence with you. | Fulfil any requests you make (e.g., submitting a query on our Platform, subscribing to a communications service, fulfilling requests for information, entering into a competition, promotion, survey etc.). Measure the effectiveness of our email correspondence with you, including marketing campaigns. Plan marketing campaigns. Segment our database. | Your consent. Performance of our contract with you. Our correspondence with you. |
| Banking data For third party service providers, your bank account number, wallet addresses, card data and fiscal information. | Perform the agreements we have with you and to manage our relationship in this respect. | Your consent. | Our registration forms, order forms, or correspondence with you. |
This clause of the Policy explains what cookies are, what Personal Data we collect using cookies and how we use cookies in respect of the Platform.
7.1. What is a cookie?
i. A ‘cookie’ is a small piece of encrypted text saved on the browser or hard drive in your computer or mobile device when you visit a website. Cookies are selected pieces of information that websites or mobile applications send to your device or computer’s hard drive, while you are viewing or using our Platform, as permissioned. It allows us to recognise you and make your next visit easier and the experience of our services more useful to you. Cookies can be stored for varying lengths of time on your browser or device.
ii. We use both session / transient cookies (which expire once you close your device web browser) and persistent cookies (which stay on your device until you delete them) to collect information to provide you with a more personalized and interactive experience in using our Platform and services. This type of data is collected to make our services more useful to you and to tailor your experience with us to meet your special interests and needs.
7.2. How we use cookies
i. When you use and access our Platform, we may place a number of cookie files on your device’s web browser. We use cookies to enable certain functions of the Platform i.e., to provide analytics, to prevent fraudulent or illegal activity, to store your preferences, to enable advertisements delivery, including behavioural advertising. We also use cookies to enhance your browsing experience by:
a) Recognizing when you log in and any preferred settings.
b) Giving you a browsing experience that is unique to you and to serve you content which we believe improves your sites experience.
c) Analysing how you use our sites which helps us to troubleshoot any problems and to monitor our own performance.
ii. In addition to our own cookies, we may also use various third parties’ cookies to report usage statistics of our sites, deliver advertisements on and through our Platform, and so on.
7.3. Types of cookies we use
We use the following four type of cookies,
i. Essential cookies: These cookies are essential to let you move around the Platform and use its features. These cookies allow our Platform to provide services at your request. We use essential cookies to authenticate users and prevent fraudulent use of user accounts.
ii. Performance cookies: These cookies may be used to collect information about how you use the Platform e.g., which pages you visit most often, and if you experience any error messages. They also allow us to update our Platform to improve performance and tailor it to your preferences. These cookies do not collect any information that could identify you - all the information collected is anonymous.
iii. Functionality cookies: These cookies are used to remember the choices you make, e.g., your username, log in details and language preferences. They also remember any customizations you make to give you enhanced, more personal features of your digital experience.
iv. Advertising and targeting cookies: These cookies are used to collect information about your visit to our sites, the content you viewed, browsing habits to deliver adverts which are more relevant to your interest, links you followed and information about your browser, device, and your IP address. They also measure the effectiveness of advertising campaigns.
7.4. Cookies preferences
Please note, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer on our Platform. You may not be able to store your preferences, and some of our pages might not display properly. STIX is not responsible and will not be held liable for any loss resulting from your decision or inability to use cookies.
8.1. We may also create, process, collect, use, and share aggregated, anonymized, or de-identified data such as statistical or demographic data for any purpose which may be derived from your Personal Data. We may use this data to comply with legal or regulatory obligations.
8.2. We may also use any or all of the Personal Data above to administer and manage our business in general, to detect and prevent misuse of our services (including fraud and unauthorized payments), and to enforce our Terms and Conditions or any other contract to which we may be a party to.
9.1. If you fail, neglect and/ or refuse to, or are unable to provide us any Personal Data which we necessarily need to provide you with services, or which we need to collect by law (for example: identification information for KYC/AML obligations), we may not be able to provide you our services through the Platform. In this case, we have the right to discontinue the provision of services to you and/or close your account with us. In such a situation, we will notify you at the earliest.
10.1. Any third party that receives or has access to Personal Data is required to protect such Personal Data and use it only to carry out the services they are performing for you or for us to provide the Platform to you, unless otherwise required or permitted by applicable law. We shall ensure any such third party is aware of our obligations under this Policy and that we enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Data disclosed to them than the obligations we undertake to you under this Policy, or which are imposed on us under applicable data protection laws. In case of termination of our business relationships with such third parties we shall ensure that all your Personal Data is either retrieved from such third party or is destroyed. We shall also confirm in our contracts with such third parties that the third party does not have the right to use such data for unauthorized purposes.
10.2. We may disclose relevant Personal Data:
i. to VARA, public authorities, agencies, law enforcement authorities and judicial bodies where we are legally required to do so, to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements), or where we find it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved disclose your Personal Data. Additionally, we may disclose your Personal Data to enforce our Terms and Conditions, or to protect our rights, safety, and security, and that of our users, other persons, or the public;
ii. to VARA, governmental bodies and regulatory authorities, judicial bodies, our associates, agents, attorneys, or other representatives for compliance with legal obligations to which we are subject or for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. Such information may be shared even without your prior consent;
iii. to interested third parties in connection with, or during negotiations of, any merger, sale of STIX’s assets, financing, acquisition of all or a portion of our business to another company, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your Personal Data may also be transferred as a business asset forming part of our goodwill. If another company acquires us, our business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations held by us regarding your Personal Data, as described in this Policy;
iv. to our suppliers or subcontractors as reasonably necessary for providing our services through the Platform to you;
v. where we use third party advertising companies to serve ads when you visit or use the Platform. These companies may use information about your visits to our Platform to provide advertisements about goods and services of interest to you;
vi. our payment services providers only to the extent necessary for carrying out our services;
vii. our group companies, including our affiliates, for rendering our services, compliance with applicable laws and improving the quality of our services;
viii. in connection with the provision of the Platform, with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples of such third parties include AML/KYC service providers, payment processors, customer relationship managers, data analysis, email delivery, hosting services, customer service, quality assurance testing, technical support, operational support and maintenance services and marketing efforts;
ix. our business partners that run advertising campaigns, contests, special offers, or other events or activities in connection with the Platform; and
x. other users of our Platform with whom you interact through your own use of our Platform. For example, we may share information when you make a transaction.
11.1. Your Personal Data is stored and transferred in compliance with the applicable legislation or regulations of the UAE.
11.2. You should be aware that certain third-party service providers, such as payment transaction processors, may be located in, or have facilities that are located in, outside UAE, in a different jurisdiction than either you or us.
11.3. As mentioned in clause 11.2, we may transfer of Personal Data outside the UAE. Subject to paragraph 11.4 below, we shall do so only when the country or territory to which the Personal Data is to be transferred (i) has a bilateral or multilateral agreements related to Personal Data protection with the UAE or (ii) has special legislation on personal data protection therein, including the most important provisions, measures, controls, requirements and rules for protecting the privacy and confidentiality of the your Personal Data and their ability to exercise their rights, and provisions related to imposing appropriate measures on the controller or processor through a supervisory or judicial authority.
11.4. Notwithstanding paragraph 11.3 above, some of the international organizations and countries to which your Personal Data may be transferred do not benefit from an appropriate data protection regulatory framework. For such international organizations and countries, we shall transfer your Personal Data, only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as an adequacy decision by the relevant authority, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organizations and countries.
11.5. We may also transfer your Personal Data to recipients outside the UAE based on (i) your express consent; or (ii) if such transfer is necessary for judicial processes; or (iii) if such transfer is necessary for entering into or performing a contract between us and you or (iv) between us and a third party for your interests, or (v) if such transfer is necessary for an act relating to international judicial cooperation; or (vi) if the transfer is necessary for protection of public interest. We shall notify you with regards to the specific safeguard we shall adopt in transferring your Personal Data to such an international organization and/or country if you require such data. You provide your consent, through the acceptance of this Policy for such transfer.
11.6. If you wish to procure specific information about the third-party service providers with whom your Personal Data has been shared, please contact us at dpo@stix.co. If you choose to proceed with a service that requires the involvement of a third-party service provider, then your Personal Data may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. For these providers, we recommend that you read their privacy policies, so you can understand the manner in which your Personal Data will be handled by these providers.
12.1. We may allow third-party service providers to deliver content and advertisements in connection with our Platform and to provide anonymous site metrics and other analytics services to us. These third parties may use cookies, web beacons, and other technologies to collect information, such as your IP address, identifiers associated with your device, other applications on your device, the browsers you use to access our services, webpages viewed, time spent on webpages, links clicked, and conversion information. This information may be used by us and third-party service providers on our behalf to analyse and track usage of our services, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand how you use our services.
12.2. The third-party service providers that we engage are bound by confidentiality obligations and applicable laws with respect to their use and collection of your information.
12.3. This Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices.
13.1. Our Platform or communications may contain links to other third-party websites which are not owned or operated by us and are regulated by their own privacy policies. If you click on a third-party link, you will be directed to that third party’s platform. We strongly advise you to review the privacy policy of every platform you visit.
13.2. This Policy does not apply to, and we are not responsible for the privacy policies of these third-party websites regardless of whether they were accessed while using links from our Platform or communications. These third parties are typically used for the following:
i. Advertising, direct marketing, lead generation and other marketing service providers;
ii. SMS and email notification service providers;
iii. Foreign and domestic financial and credit institutions; and
iv. Auditors.
You have the following rights with respect to your Personal Data:
14.1. Right to access to Information
i. You have the right to request and obtain the following information:
a) The categories of Personal Data processed;
b) The purpose of the processing;
c) Automated decision making on your Personal Data;
d) Target sectors or enterprises with whom your Personal Data is shared;
e) Controls or standards relating to storage of your Personal Data;
f) Actions for rectification, restriction, or erasure of your Personal Data which have been taken upon your request;
g) Safeguards in case of cross border Personal Data transfer;
h) Actions to be taken in case of personal data breach where such breach affects you; and
i) Procedure to lodge a complaint with the UAE Data Office.
ii. We may refuse your demand if request is excessively repeated, is in contravention of judicial proceeding or investigations, negatively impacts our endeavours to maintain information security, or relates to the privacy of a third party.
14.2. Right to rectification
You have the right to rectify any inaccurate Personal Data about you and to complete any incomplete Personal Data about you.
14.3. Right to erasure
i. You have the right to demand erasure of your Personal Data with us if:
a) the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
b) you withdraw consent to consent-based processing;
c) you object to the processing of your Personal Data under the applicable law;
d) your Personal Data has been unlawfully processed; and
e) your Personal Data must be erased for compliance with legislation.
ii. We may refuse your demand if your Personal Data is processed for compliance with a legal obligation, or establishment or exercise or defence of legal claims.
14.4. Right to restrict processing
i. You have the right to restrict processing of your Personal Data if:
a) you contest the accuracy of the Personal Data;
b) processing is unlawful;
c) we no longer need the Personal Data for the purposes of our processing, but you require Personal Data for the establishment, exercise, or defence of legal claims; and
d) you have objected to processing, pending the verification of that objection, in which case we may continue to store your Personal Data, but we will only otherwise process it: (i) where aforementioned processing is restricted only to storage of said Personal Data; (ii) with your consent; (iii) for the establishment, exercise or defence of legal claims; (iv) for the protection of the rights of another natural or legal person; or (v) for reasons of important public interest.
14.5. Right to stop processing
i. You have the right to object to our processing of your Personal Data and stop the processing of said Personal Data in the following cases:
a) if such processing was done for direct marketing purposes,
b) if such processing was done for statistical survey purposes, unless such processing is necessary for public interest; and
c) where such processing is in contravention of personal data protection controls as envisaged by the PDPL and mentioned under clause 5 (Personal data protection principles).
14.6. Right to Personal Data portability
i. You have the right to Personal Data portability to the extent that:
a) the legal basis for our processing of your Personal Data is your consent, or is a necessity to perform a contract to which you are party; or
b) such processing is carried out by automated means.
ii. You have the right to receive your Personal Data from us in a structured, commonly used and machine- readable format. Where technically feasible, you may also request us to transmit your Personal Data directly to another entity.
14.7. Right to object to automated decision making
You have the right to object to automated decision making (if any) if it has legal or serious consequences that affect you. Such requests may be refused by us if such automated processing is performed in accordance with any contract between you and us, is necessary for compliance with other legislation, or you have specifically provided consent for such practices.
14.8. Right to lodge a complaint with the supervisory authority
In the UAE, you have the right to lodge a complaint with the UAE Data Office (if you have UAE domicile or place of business) or the Consumer Protection Department at CBUAE.
15.1. We aim to respond to all legitimate requests without undue delay and within 2 calendar months of receipt of any request from you. Occasionally it may take us longer than 2 calendar months, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).
15.2. If you wish to exercise any of the rights mentioned under clause 14 (Your rights in relation to your Personal Data), please contact us at dpo@stix.co. We may need to request specific information from you to help us confirm your identity and ensure your entitlement to such rights. This security measure is to ensure that your Personal Data is not disclosed to any person who has no right to receive it.
16.1. We retain Personal Data on your behalf, including customer data, transactional data, and other session data, linked to your account.
16.2. Your Personal Data will be processed for no period longer than as required by us for the purposes it was collected for, for the purposes of using our services, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements. However, all Personal Data documents, records and files will be securely retained for a minimum of 5 years, as required under the Consumer Protection Regulations and Consumer Protection Standards issued by the CBUAE. Such retention period shall be calculated from the date of closing of your Account.
17.1. Information security
17.1.1. The Internet is not a secure medium. However, we have put in place a range of security procedures, as set out in this Policy. Where you have been allocated an account on the Platform, this area is protected by your username and password, which you should never divulge to anyone else.
17.1.2. We are committed to ensuring that your Personal Data is secure. To prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the Personal Data we collect via our Platform. We use industry-standard technical mechanisms and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your Personal Data.
17.1.3. Please be aware that communications over the Internet, such as emails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered. This is the nature of the world wide web/internet. While we make our best efforts to secure personal data and facilitate access to your Personal Data, it is important to note that no transmission over the internet or any method of electronic storage can be guaranteed to be 100% secure. We cannot accept responsibility for any unauthorized access or loss of Personal Data that is beyond our control.
17.1.4. We will use reasonable endeavors to implement appropriate policies, rules, and technical measures to protect the Personal Data that we have under our control (having regard to the type and amount of that data) from unauthorized access, improper use or disclosure, unauthorized modification, unlawful destruction, or accidental loss.
17.1.5. We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of your data.
17.1.6. Our facilities are scanned on a regular basis for security holes and known vulnerabilities, to best ensure its security. Your Personal Data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the Personal Data confidential.
17.1.7. We also have mechanisms in place to access your Personal Data in case of an actual or technical failure. We also ensure testing and evaluation of our technical and organizational measures at regular intervals to gauge the effectiveness of such measures.
17.2. No guarantee
17.2.1. Without prejudice to our efforts on the protection of your Personal Data, nothing contained in this Policy constitutes a warranty of security of the facilities, and you agree to transmit data at your own risk.
17.2.2. Please note, that we do not guarantee that your Personal Data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Please, always check that any website on which you are asked for financial or payment information in relation to our services is in fact legitimately owned or operated by us.
17.2.3. If you do receive any suspicious communication of any kind or request, do not provide your information and report it to us by contacting our offices immediately at dpo@stix.co. Please also immediately notify us at dpo@stix.co if you become aware of any unauthorized access to or use of your account.
17.2.4. Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us or sent and received from us by internet or wireless connection, including email, phone, instant messaging service, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at dpo@stix.co.
17.3. Data breaches
17.3.1. In the event of an actual or potential infringement or breach of your Personal Data that would prejudice the privacy, confidentiality, and security of such Personal Data, we shall immediately
18.1. If you have any questions about our Policy as outlined above, or if you have any complaints, please contact us at dpo@stix.co.
18.2. If you have any queries or issues pertaining to your information or our Policy, then please do write to us at any time by emailing us at dpo@stix.co.