XTRM, Inc. Privacy Policy including GDPR

Your Privacy Rights

This Privacy Policy describes your privacy rights regarding our collection, use, storage, sharing and protection of your personal information. It applies to the XTRM website and all related sites, applications, services and tools regardless of how you access or use them.

Scope and Consent

You accept this Privacy Policy when you sign up for, access, or use our products, services, content, features, technologies or functions offered on our website and all related sites, applications, and services (collectively “XTRM Services”). This Privacy Policy applies US law and is intended to govern the use of XTRM Services by our users (including, without limitation those who use the XTRM Services in the course of their trade or business) in the United States, unless otherwise agreed through contract. We may amend this Privacy Policy at any time by posting a revised version on our website. The revised version will be effective as of the published effective date. In addition, if the revised version includes a substantial change, we will provide you with 30 days’ prior notice by posting notice of the change on the "Policy Updates" page of our website. After this 30-day notice period, you will be considered as having expressly consented to all amendments to this Privacy Policy.

Collection of Personal Information

We collect the following types of personal information in order to provide you with the use of XTRM Services, and to help us personalize and improve your experience. 

Information we collect automatically: When you use XTRM Services, we collect information sent to us by your computer, mobile phone or other access device. The information sent to us includes, but is not limited to, the following: data about the pages you access, computer IP address, device ID or unique identifier, device type, geo-location information, computer and connection information, mobile network information, statistics on page views, traffic to and from the sites, referral URL, ad data, and standard web log data and other information.


Information you provide to us: We may collect and store any information you provide us when you use XTRM Services, including when you add information on a web form, add or update your account information, or when you otherwise correspond with us regarding XTRM Services.

When you use XTRM Services, we also collect information about your transactions and your activities. In addition, if you open a XTRM account or use XTRM Services, we may collect the following types of information:

  • Contact information, such as your name, address, phone, email and other similar information.

  • Financial information, such as the full bank account numbers.

  • Detailed personal information such as your date of birth or national ID number.

We may also collect information from or about you from other sources, such as through your contact with us, including our customer support team, your results when you respond to a survey and from other accounts we have reason to believe you control (whether in part or in whole). Additionally, for quality and training purposes or for its own protection, XTRM may monitor or record its telephone conversations with you or anyone acting on your behalf. 

Information from other sources: We may also obtain information about you from third parties such as credit bureaus and identity verification services. 

Authentication and Fraud Detection: In order to help protect you from fraud and misuse of your personal information, we may collect information about you and your interactions with XTRM Services. 

Using Your Mobile Device: We may offer you the ability to connect with XTRM Services using a mobile device, either through a mobile application or via a mobile optimized website. The provisions of this Privacy Policy apply to all such mobile access and use of mobile devices.

How We Use the Personal Information We Collect

Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We may use your personal information to:

  • provide XTRM Services and customer support;

  • process transactions and send notices about your transactions;

  • verify your identity, including during account creation and password reset processes;

  • resolve disputes, and troubleshoot problems;

  • manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities;

  • detect, prevent or remediate violations of policies or applicable user agreements;

  • improve the XTRM Services by customizing your user experience;

  • measure the performance of the XTRM Services and improve their content and layout;

  • manage and protect our information technology infrastructure;

  • contact you at any telephone number, by placing a voice call or through text (SMS) or email messaging, as authorized by our User Agreement;

  • perform creditworthiness and solvency checks, compare information for accuracy and verify it with third parties.

We may contact you via electronic means or postal mail to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to poll your opinions through surveys or questionnaires, or as otherwise necessary to service your account. Additionally, we may contact you to inform you about XTRM Services. Finally, we may contact you as necessary to enforce our policies, applicable law, or any agreement we may have with you. To reach you as efficiently as possible, we may contact you via phone, and may use autodialed or prerecorded calls and text messages as described in our User Agreement. Where applicable and permitted by law, you may decline to receive certain communications.


We do not sell or rent your personal information to third parties for their marketing purposes. We respect your communication preferences. If you no longer wish to receive notifications via our application, you can adjust your preferences by visiting the settings page of the application.


How We Use Cookies and Similar Technologies

When you access our website or use XTRM Services, we (including companies we work with) may place small data files on your computer or other device. These data files may be cookies, pixel tags, e-tags, "Flash cookies," or other local storage provided by your browser or associated applications (collectively "Cookies"). We use these technologies to help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our sites and XTRM Services.You are free to decline our Cookies if your browser or browser add-on permits, unless our Cookies are required to prevent fraud or ensure the security of websites we control. However, declining our Cookies may interfere with your use of our website and XTRM Services.

How We Protect and Store Personal Information

Throughout this Privacy Policy, we use the term "personal information" to describe information that can be associated with a specific person and can be used to identify that person. We do not consider personal information to include information that has been made anonymous so that it does not identify a specific user.

Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, the use of third-party service providers. We, and third-party service providers on our behalf, store and process your personal information in the United States and elsewhere in the world. If your information is transferred to other countries, including countries which may not have data protection laws that provide the same level of protection that exists in your country, we will protect the information as described in this Privacy Policy.

We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to data centers, and information access authorization controls.


How We Share Personal Information with Other XTRM Users

When transacting with others, we may provide those parties with information about you necessary to complete the transaction, such as your name, account ID, contact details, or other information needed to promote the reliability and security of the transaction. If a transaction is held, fails, or is later invalidated, we may also provide details of the unsuccessful transaction. 

How We Share Personal Information with Other Third Parties

We may share your personal information we collect from you, including your name, contact details, and transactions and activities, with:

  • Credit bureaus and collection agencies to report account information, as permitted by law.

  • Law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to XTRM or one of its affiliates; when we need to do so to comply with law or credit card rules; or when we believe, in our sole discretion, that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement.

  • Other unaffiliated third parties, for the following purposes:

    • Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk.  For example, if you use the XTRM Services to buy or sell goods using eBay Inc. or its affiliates (“eBay”), we may share account information in order to help protect your accounts from fraudulent activity, alert you if we detect such fraudulent activity on your accounts, or evaluate credit risk.

    • Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional). 

    • Legal Compliance: to help them comply with anti-money laundering and counter-terrorist financing verification requirements.


How You Can Access or Change Your Personal Information

You can review and edit your personal information at any time by logging into your account and reviewing your account settings and profile. You can also close your account through the XTRM website. If you close your XTRM account, we will mark your account in our database as "Closed," but may retain personal information from your account for a certain period of time and disclose it in a manner consistent with our practices under this Privacy Policy for accounts that are not closed. We also may retain personal information from your account to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce our User Agreement, or take other actions as required or permitted by law.

XTRM Inc – Privacy Notice and GDPR Compliance



This Privacy Notice sets out how the XTRM Inc processes data, whether on individuals (including personal data in respect of individuals who are clients, intermediaries or other third parties the XTRM Inc interact with, or any individual who is connected to those parties) or otherwise. Where the data held are on individuals, this document also sets out the rights of those individuals in respect of that personal data.


Any questions in relation to this Privacy Notice or requests in respect of personal data should be directed to dataprotection@xtrm.com.


Who we are

XTRM Inc is a payment processing provider that aggregates end-point transfer mechanisms that enable a payment recipient to transfer or withdraw payments to one or many payment end-points.


The relevant XTRM Inc entity with the primary relationship will be confirmed in an engagement letter in relation to any client relationship.


Please note that XTRM Inc operates a global Data Protection Policy.


The data we hold

XTRM Inc processes data in order to provide payment processing services. The type of data we may collect and process includes:


·         Contact details (including names, postal addresses, email addresses and telephone numbers);

·         Information required for XTRM Inc to meet legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including information on source of funds and source of wealth;

·         Financial information, such as payment related information;

·         Any other information you may provide to us.


Purposes of processing

We use data (including personal data of individuals) for the following purposes (the below also confirming the lawful basis we are relying on in each case):



Lawful Basis for Processing

To enter into client relationships and provide payment processing services

Any one or more of the following:

The legitimate interest of XTRM Inc as a provider of payment processing services to process personal data for the purpose of providing those services

In instances where an individual has been provided with this Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent. Consent may be withdrawn at any time by writing to dataprotection@xtrm.com

Where the client is an individual: to fulfil the contract we have entered into with the individual to provide payment processing services

To manage our client, intermediary and other business relationships

The legitimate interests of XTRM Inc to seek to ensure its business is conducted efficiently and with a view to enhancing client service

To ensure the security of XTRM systems, staff and premises (including the use of CCTV equipment)

The legitimate interests of XTRM Inc in protecting its systems, staff and premises from being misused or the victim of any criminal activity

To provide access to our Client Portal or API

The legitimate interests of XTRM Inc and the user of the Portal or API for the communication and storage of relevant material (such use being subject to the terms and conditions of the relevant Portal or API)

In instances where any user of any Portal or API has been provided with this Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent. Consent may be withdrawn at any time by writing to dataprotection@xtrm.com

To provide our contacts with marketing material and to invite contacts to events which may be of interest to them, and to manage such mailings and events

The legitimate interests of XTRM Inc as a provider of payment processing services to process personal data to communicate with persons on topics and events which may be of interest to those individuals.

The right of those individuals to unsubscribe from mailings and/or manage preferences will be noted within all mailings and

any requests to unsubscribe may be made via links available in the mailings.

To meet all legal, regulatory and ethical obligations applicable to XTRM Inc (including in respect of managing potential conflicts of interest)

The legitimate interests of XTRM Inc as a provider of payment processing services to process data to the extent necessary to ensure it meets all legal, regulatory and ethical obligations incumbent on it.

In certain instances, the processing of data may also be necessary for the exercise of functions of public authorities and/or necessary for compliance with a legal obligation to which XTRM Inc is subject

For the purposes of internal know-how and training


The legitimate interests of XTRM Inc as a provider of payment processing services to process data for the purposes of internal know-how and staff training. XTRM Inc will use reasonable endeavours to ensure any personal data contained in the material which is not integral to the understanding of the material is redacted.



In certain instances, personal data processed may include "Special Category Data" (which includes information on a person's race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data, data on a person's sex life or sexual orientation or data relating to a person's criminal record or alleged criminal activity). In such instances, legal bases for processing that data may include explicit consent (where the Special Category Data has been provided to XTRM Inc by the data subject for any of the above-listed purposes) or the processing being necessary for compliance with a legal obligation or the purposes of legal proceedings or legal advice.


Sources and Recipients of data

The sources of data may include clients, intermediaries, data subjects directly, third parties connected to the data subject (for example, their employer or another service provider who provides services to the data subject) or open-source material.


The provision of data to one entity in XTRM Inc may result in that data being accessible by all other members of the XTRM Inc. Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above. Requests for access to be restricted in any particular manner should be made to dataprotection@xtrm.com and will be considered and, where possible with reference to legal and regulatory obligations, actioned.


The following is a list of potential recipients of data (in each case including respective employees, directors and officers):

·         Other members of the XTRM Inc;

·         Other providers of services (legal, governance or otherwise, including any bank or financial institution providing services in relation to any matter on which XTRM Inc is instructed) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above;

·         Any sub-contractors, agents or service providers of the XTRM Inc;

·         Courts or tribunals;

·         Third parties with whom XTRM Inc engages for the hosting of events or other marketing initiatives;

·         Law enforcement agencies where considered necessary for XTRM Inc to fulfil legal obligations applicable to it;

·         Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;

·         Any registrar of a public register where the data is to be included in a public registry;

·         Potential parties with whom XTRM Inc intends to merge or sell any part of the XTRM Inc.


Where XTRM Inc is entering into an engagement with a third party pursuant to which data may be processed by that third party, we will seek to enter into an agreement with that third party setting out the respective obligations of each party and will seek to be reasonably satisfied that the third party has measures in place to protect data against unauthorized or accidental use, access, disclosure, damage, loss or destruction.


In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation we will ensure we meet the relevant requirements of that Data Protection regulation prior to carrying out any such transfer. This may include only transferring the data where we are satisfied that:

·         the non-European Union country has Data Protection laws similar to the laws in the European Union;

·         the recipient has agreed through contract to protect the information in the same Data Protection standards as the European Union;

·         we have obtained consent from relevant data subjects to the transfer; or

·         if transferred to the United States of America, the transfer will be to organizations that are part of the Privacy Shield.


Rights of data subjects

Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data.

Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing) should send the request in the first instance to dataprotection@xtrm.com.


In any case in which a data subject chooses not to provide any personal data or where any of the rights set out above are exercised to limit the processing of personal data the XTRM Inc may be unable to provide relevant services, or there may be a restriction on the services which can be provided.



XTRM Inc only keeps data for as long as necessary to fulfil the purposes (as set out above) for which we collected it. The XTRM Inc policy is to retain data in relation to a client matter for 11 years from the conclusion of that matter. This is subject to certain exceptions (including where the matter relates to wills & probate, property and conveyancing and trusts (where, in each case, records may be kept indefinitely) or in instances where the personal data is relevant to a dispute after closure of the matter or where the data cannot be deleted for legal, regulatory or technical reasons).


Any requests for further information in relation to the continued processing of specific data, and requests for destruction of data, should be made to dataprotection@xtrm.com.


Contact Details

XTRM Inc has a Data Protection Officer and all enquiries in respect of this Privacy Notice or any request to exercise any of the rights set out above should be directed to the Data Protection Officer via dataprotection@xtrm.com.


Changes to this Privacy Notice

We keep this Privacy Notice under review and any updates will appear on our website at www.xtrm.com.

We last updated this Privacy Notice on 1 August 2019.


How to contact us

If you have any questions about this Privacy Notice or any data which we hold about you, please contact: dataprotection@xtrm.com.

Questions regarding this Policy or the practices of this Site should be directed to XTRM's Security Administrator by posting   such questions at support.xtrm.com or by regular mail addressed to XTRM, Inc. 303 Twin Dolphin Drive, 6th Floor, Redwood City, California, 94065 Contact us on 1.866.367.9289, email compliance@xtrm.com