Privacy Policy XM
Privacy Policy XM defines how your personal data is collected, used, stored, and protected throughout your engagement with the platform. The policy ensures full transparency and aligns with international data protection regulations to safeguard user privacy and trust.
As an online trading platform, XM handles sensitive information such as identity details, financial data, and trading history. Understanding the privacy policy helps you know what’s being shared, with whom, and for what purpose. Let’s explore the key highlights every trader should know.
What is the Privacy Policy XM?

Privacy Policy XM outlines how the broker collects and uses personal, trading, and technical data including name, contact information, KYC documents, trading history, and IP address for purposes such as regulatory compliance, service personalization, and legal reporting, and it applies to all users, including demo account holders. Here’s a breakdown of the policy’s core components:
What information does XM collect from users?
XM collects a range of personally identifiable and technical data, such as:
- Full name, email address, phone number
- Proof of identity and address (for KYC verification)
- Trading activity (orders, instruments, volumes, and performance)
- Device information including IP address, browser type, OS, and location
- Communication logs (support chats, emails, phone calls)
This data is collected during account registration, login sessions, trading activity, and customer support interactions.
Why does XM collect this data?
XM collects user data for the following key reasons:
- Regulatory compliance: To meet global standards for KYC (Know Your Customer) and AML (Anti-Money Laundering) under authorities like CySEC and ASIC.
- Service improvement and personalization: To optimize trading experience, detect platform issues, and tailor content (e.g., language, educational materials).
- Legal and operational use: Required for tax reporting, transaction audits, and handling disputes or chargebacks.
All data processing is done according to GDPR standards (for EU clients) and other relevant privacy frameworks.
Does the privacy policy apply to demo account users too?
Yes. XM’s privacy policy applies regardless of account type, including:
- Live accounts
- Leads or prospects who register without completing verification
Even if no real-money trades are made, data like email, IP address, and platform usage is still collected to ensure compliance and improve user services.
How Does XM Use and Store Personal Data?

XM uses and stores personal data with a focus on security, compliance, and controlled access, employing SSL encryption, secure servers, and data retention policies based on legal obligations, while sharing data only with authorized service providers and never with marketers. Here’s how XM manages your data across three key dimensions:
Is my data encrypted and securely stored by XM?
Yes. XM uses industry-standard SSL (Secure Sockets Layer) encryption to protect all data transmitted between the user and its platforms:
- Encryption protocols cover web traffic, logins, trading operations, and document uploads.
- Personal data is stored on secure servers with restricted access, monitored continuously to prevent unauthorized intrusion.
- Internal access is granted only to authorized personnel, bound by strict confidentiality agreements.
This infrastructure ensures that your sensitive data, such as identity documents and financial information, remains protected from external threats.
How long does XM retain your data?
XM adheres to data retention policies based on regulatory requirements, which vary by jurisdiction:
- Typically retained for 5–7 years after account closure, in line with rules from CySEC, ASIC, and other financial regulators.
- Under GDPR, you have the right to request data deletion in certain cases, such as:
  - You no longer have an active account.
  - There is no legal obligation to retain the data.
  - You withdraw consent for marketing-related data use.
- XM evaluates each request for erasure based on local laws and the nature of the data involved.
Does XM share personal data with third parties?
Yes, but only under controlled conditions. XM may share personal data with third-party service providers, such as:
- Payment processors
- Compliance tools (e.g., identity verification platforms)
- Cloud infrastructure and analytics providers
However:
- All third parties operate under strict data processing agreements (DPAs).
- XM does not sell or lease user data to external marketing agencies.
- Any sharing is conducted in line with GDPR and applicable financial data laws.
Users can review or adjust marketing preferences via account settings or by contacting XM support.
Is XM Compliant with Global Data Protection Laws?

Yes, XM is compliant with global data protection laws, including full GDPR compliance for EU clients, adherence to regional data privacy rules under ASIC, CySEC, and FSC, and the use of standard contractual clauses (SCC) to secure cross-border data transfers. These measures ensure that client data is handled with legal, technical, and operational safeguards across all jurisdictions where XM operates.
Is XM GDPR compliant for EU clients?
Yes. XM meets the requirements of the General Data Protection Regulation (GDPR) for clients based in the European Union:
- Data subject rights include:
  - Access to personal data stored by XM
  - Correction of inaccurate data
  - Erasure (“right to be forgotten”) when conditions apply
  - Restriction of processing and data portability
- XM has appointed a Data Protection Officer (DPO) responsible for:
  - Overseeing compliance across departments
  - Handling user privacy requests
  - Reporting to supervisory authorities when required
- EU clients can submit GDPR-related inquiries or requests via the [email protected] email channel.
Does XM follow data privacy regulations in other regions?
Yes. In addition to GDPR, XM complies with regional data protection standards based on the jurisdiction of its legal entities:
- ASIC (Australia) – Adheres to the Australian Privacy Principles (APPs) under the Privacy Act 1988
- CySEC (Cyprus) – Oversees EU-based compliance, mirroring GDPR standards
- FSC (Belize) – Implements data controls under international financial regulation frameworks
Each XM group entity (e.g., XM Global, XM Australia, XM EU) maintains a region-specific privacy policy, reflecting the data handling obligations in that area.
How does XM handle cross-border data transfers?
To ensure lawful and secure international data transfers, XM uses:
- Standard Contractual Clauses (SCCs) issued by the European Commission
  - These legally binding templates safeguard data moved to countries outside the EEA.
  - SCCs are incorporated into agreements with third-party service providers (e.g., cloud infrastructure, analytics platforms).
- Additional technical measures:
  - Encrypted transmission
  - Role-based data access
  - Audit trails and breach response protocols
- This ensures that even when data leaves the EU, it retains a high level of protection aligned with GDPR expectations.
What Are Your Rights Under the XM Privacy Policy?

Under the Privacy Policy XM, you have the right to access, correct, or delete your personal data, restrict or object to certain types of data processing such as marketing or tracking, and receive immediate notification in the event of a data breach along with protective measures. These rights are granted under international data protection laws like GDPR, and XM outlines specific channels for users to exercise them.
Can you access, correct, or delete your personal data?
Yes. XM allows clients to:
- Access their stored personal data, including identity documents, account history, and contact details.
- Request corrections to inaccurate or outdated information.
- Request deletion of data under certain conditions (e.g., account closed, no pending legal obligations).
These actions can be taken through:
- The XM Member Area (for basic updates)
- Or by submitting a formal request via customer support or the Data Protection Officer
Limitations apply:
- XM must retain some data for legal and regulatory reasons (typically 5–7 years), especially for anti-money laundering (AML) and tax purposes.
How can you restrict or object to data processing?
XM respects user preferences when it comes to non-essential data use, and offers options to:
- Opt out of marketing communications, either through email settings or contacting support.
- Control cookie use and analytics tracking by adjusting browser settings or using consent banners on XM websites.
- In specific jurisdictions (e.g. EU under GDPR), users may file an objection to data profiling or automated decision-making.
While core account data processing (e.g. for compliance) cannot be blocked, XM minimizes optional tracking when users opt out.
What happens if there’s a data breach at XM?
In the event of a breach involving personal data:
- XM is required to issue prompt notification to affected users, in accordance with regulatory frameworks like GDPR Article 33.
- The company will implement immediate mitigation steps, such as:
  - Isolating the breach source
  - Revoking unauthorized access
  - Resetting compromised credentials
- XM also maintains security protocols and encrypted storage to reduce breach likelihood, and periodically audits its infrastructure for vulnerabilities.
How Can You Review or Update Your Privacy Preferences on XM?

You can review and update your privacy preferences on XM by navigating to the Members Area, where you can manage email communications and data sharing settings. Additionally, XM supports data portability upon request and provides a dedicated contact channel for privacy concerns, with responses aligned to GDPR standards. Here’s how each aspect works:
How to access privacy settings in the XM Members Area
To manage your privacy preferences:
- Log in to the XM Members Area.
- Navigate to Account → Preferences → Privacy Settings.
- There, you can:
  - Opt in or out of marketing emails and SMS alerts.
  - Control data sharing preferences (e.g., with analytics or support providers).
  - Update consent for optional cookies and platform personalization.
- Changes are applied in real-time, and users can revisit these settings at any time.
Can you request data portability from XM?
Yes. Under GDPR Article 20, XM allows clients to request data portability:
- Submit a formal request via support or email to the Data Protection Officer.
- XM will compile your personal data (e.g., account info, activity logs) into a machine-readable format (commonly CSV or JSON).
- This allows you to transfer your data to another broker or platform, if needed.
XM typically processes such requests within 30 calendar days, unless extensions are needed due to complexity.
Who to contact for privacy concerns at XM?
For data-related issues, XM provides a dedicated email address for privacy matters:
- Email: [email protected] (or equivalent listed in your jurisdiction’s privacy policy)
- Issues may include:
  - Data access/deletion requests
  - Objections to processing
  - Data breach inquiries
- Response time:
  - In line with GDPR standards, XM will respond within 30 days of receiving the request.
  - Complex cases may be extended to 60 days, with notification.
By familiarizing yourself with Privacy Policy XM, you take an important step in securing your digital presence and understanding your rights as a user. Informed traders are confident traders, and that starts with knowing how your data is managed.