Privacy Policy

Table of Contents

• Summary

• Owner and Data Controller

• Types of Data Collected

• Mode and Place of Processing the Data

• Purposes of Processing

• Detailed Information on the Processing of Personal Data

• Data Security

• Cookie Policy

• Further Information for Users in the European Union

• Additional Information About Data Collection and Processing

• Definitions and Legal References

1. Summary

Data We Collect Automatically

When you visit www.kinetic-exchange.com, we automatically collect certain data, including:

• Usage Data

• Device information

• Trackers

• City-level location data (latitude of city)

• Country calling codes and similar technical identifiers

Trusted third parties assist us in processing this data.

How We Use Automatically Collected Data

• Platform services and hosting

• Tag management

• Spam and bot protection

• Traffic optimization and content distribution

Data You Provide to Us

We collect Personal Data that you voluntarily provide while using our services, including contact and location details such as city, postcode, and country.

Trusted third parties may assist us in processing this data.

Client Onboarding and Financial Data

The payment, FX, and trade finance services we arrange are provided by our regulated partners, including Ebury Partners UK Limited, Currency Cloud Limited, Equals Money Plc, and Sciopay Ltd, who are authorised by the Financial Conduct Authority (FCA) and other relevant regulators.

As a condition of accessing these services, our partners require us to collect certain personal and financial data from clients on their behalf. This is a legal requirement under Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations, and we have no discretion to waive it.

This data is collected solely to fulfil the onboarding and compliance requirements of our regulated partners, and to enable the delivery of FX, payment, and trade finance services. It is not used for any other purpose.

Managing Your Privacy Preferences

You can manage cookies and tracking preferences through your browser settings or by contacting us directly.

2. Owner and Data Controller

Kinetic Exchange Limited
124 City Road
London, England EC1V 2NX

Contact email: info@kinetic-exchange.com

3. Types of Data Collected

This Application may collect the following types of Personal Data, either directly or through third-party services:

Website Data

• Usage Data

• Device information

• Trackers

• City, ZIP/Postal code, state, province, county, country

• Latitude and longitude (city-level)

• Metro area and geographic region

• IP address

• App information and device logs

• Browser, operating system, and language

• Launches, number of sessions, session duration

• Page views, scrolling behavior, mouse movements

• Clicks, keypress events, touch and motion sensor events

• Video views

• Browsing and search history

• Custom events and interaction data

Client and Financial Data

To access the regulated services provided by our partners, we are required to collect the following data on their behalf:

• Identify docuemtns and KYC information

• Financial account details and transaction records

• Corproate documentation and beneficial ownership information

• Communications and correspondence relating to your account

Providing this data is a mandatory requirement of our regulated partners and cannot be waived. Without it, we are unable to arrange services on your behalf.

4. Mode and Place of Processing the Data

Methods of Processing

We take appropriate security measures to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.

Data processing is carried out using IT-enabled tools and organizational procedures strictly related to the stated purposes.

Access to Personal Data may be granted to:

• Internal personnel (administration, sales, marketing, legal, IT)

• External service providers acting as Data Processors

An updated list of Data Processors is available upon request.

Place of Processing

Personal Data is processed at our operating offices and at locations where our service providers are based.
Depending on your location, data transfers may occur outside your country.

Where we use third-party service providers based outside the UK or EEA (including US-based providers such as Cloudflare and Google), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms as recognised under UK data protection law.

Client financial data processed through our regulated partners (including Ebury Partners UK Limited, Currency Cloud Limited, Equals Money Plc, and Sciopay Ltd) is subject to their own regulatory obligations and data protection frameworks. These partners, hold the relevant FCA authorisations and bear primary compliance responsibility for the data they require us to collect. Details of their data practices are available upon request.

Retention Time

To comply with the legal obligations of our regulated e-money partners, we retain your personal data and transaction records for a minimum of five years following the termination of our business relationship or the completion of a transaction.

5. Purposes of Processing

We collect and process Personal Data in order to:

• Provide and maintain our services

• Comply with legal obligations

• Respond to lawful requests

• Protect our rights and interests

• Detect and prevent fraud, spam, and malicious activity

• Collect KYC and AML data on behalf of our regulated partners as a condition of arranging services

• Execute transaction and manage client accounts

• Communicate with clients regarding hteir accounts and relevant market information

Specific processing purposes include:

• Platform services and hosting

• Tag management

• Spam and bot protection

• Traffic optimization and distribution

6. Detailed Information on the Processing of Personal Data

Platform Services and Hosting

Hostinger

• Provider: Hostinger UK Limited

• Place of processing: United Kingdom

• Personal Data processed:

  • Device information

  • Usage Data

Spam and Bots Protection

Cloudflare Bot Management

• Provider: Cloudflare, Inc.

• Place of processing: United States

• Personal Data processed includes:

  • App and device information

  • IP address

  • Location data

  • Interaction, session, and behavioral data

Tag Management

Google Tag Manager

• Provider: Google LLC

• Place of processing: United States

• Personal Data processed:

  • Trackers

  • Usage Data

Traffic Optimization and Distribution

Cloudflare

• Provider: Cloudflare, Inc.

• Place of processing: United States

• Personal Data processed:

  • Trackers

  • Data types described in Cloudflare’s privacy policy

FX and Payment Services: Regulated Providers

• Ebury Partners UK Limited

• Currency Cloud Limited

• Equals Money PLc

• Sciopay Ltd

We collect client personal and financial data on behalf of these partners as a condition of arranging access to their services. Each partner operates under its own regulatory framework and data protection obligations. Data Processing Agreements are in place with each provider. Full details are available upon request.

7. Data Security

We are committed to protecting your personal and financial data. The ecruity measures we have in place include:

• Encryptions of sensitive data in transit (TLS) and at rest

• Role-based access controls, ensruing dataa is accessible only to authorised staff

• Secure, UK-hosted infrastructure for our primary systesm

• Data Processing Agreements with all third-party processors

• Regular review of our information security practices

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where required. We maintain an internal breach response procedure for this purpose.

8. Cookie Policy

This Application uses cookies and other Trackers to provide and optimize the Service.

Users can control or disable cookies through their browser settings.
Further details are available in our Cookie Policy.

9. Further Information for Users in the European Union

Legal Basis of Processing

We process Personal Data when one of the following applies:

• User consent

• Performance of a contract

• Compliance with legal obligations

• Public interest or official authority

• Legitimate interests

Retention Period

• Contract-related data is retained until the contract is fulfilled

• Data processed for legitimate interests is retained as long as necessary

• Data may be retained longer when required by law or consent

Once retention periods expire, Personal Data is deleted.

GDPR User Rights

Users have the right to:

• Withdraw consent at any time

• Object to processing

• Access their Personal Data

• Request correction or deletion

• Restrict processing

• Receive and transfer their data

• Lodge a complaint with a supervisory authority

Requests can be submitted via the contact details above and will be addressed within one month.To lodge a complaint with the UK supervisory authority, contact the ICO at ico.org.uk or call 0303123113

10. Additional Information About Data Collection and Processing

Legal Action

Personal Data may be used for legal purposes or disclosed when required by law or public authorities.

System Logs and Maintenance

System logs and IP addresses may be collected for operational, security, and maintenance purposes.

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time.
Users are encouraged to review this page regularly. Where required, new consent will be obtained.

11. Definitions and Legal References

Personal Data
Any information that identifies or can identify a natural person.

Usage Data
Information collected automatically through this Application, such as IP address, browser type, session duration, and navigation paths.

User
The individual using this Application.

Data Subject
The person to whom the Personal Data refers.

Data Processor
An entity processing Personal Data on behalf of the Data Controller.

Data Controller / Owner
Kinetic Exchange Limited.

Application
The website and services through which Personal Data is collected.

Service
The functionality provided by this Application.

European Union (EU)
Includes EU and EEA member states.

Cookie / Tracker
Technologies used to track user activity, including cookies, scripts, and identifiers.

Legal Information
This Privacy Policy applies solely to this Application unless otherwise stated.

Standard Cotractual Clauses (SCC's)

Legal mechanisms approved under UK/EU data protection law to ensure adequate protection for data transferred to third countries.