Understanding XM’s Privacy Policy Framework in Malaysia
At XM, we prioritise securing your personal and trading data within Malaysia. Our privacy policy outlines how we collect, handle, and store information according to Malaysian laws. We apply international security standards while respecting local regulations to safeguard your data. This framework covers registration details, transaction histories, communications, and platform analytics. All XM platforms including MT4, MT5, and mobile apps follow these strict privacy measures.
Data collected covers several categories essential for service delivery and compliance. We gather personal identification, financial details, technical device data, and communication records. Each data type is processed with care and stored securely, with access limited to authorised staff only. We update our policies regularly to adapt to regulatory shifts and technological improvements.
| Data Type | Collection Method | Storage Duration | Access Level |
|---|---|---|---|
| Personal Details | Registration Form | Account Lifetime | Restricted |
| Trading Records | Platform Activity | 7 Years | Compliance Team |
| Communication | Support Channels | 5 Years | Customer Service |
| Technical Data | Automatic Collection | 2 Years | IT Security |
We ensure data collection is transparent and necessary for your trading activities. Our protocols make sure your data is handled responsibly at every stage.
Personal Data Collection and Processing Methods
When registering with XM in Malaysia, you provide essential personal information such as your name, address, and identity document numbers. This data is necessary to verify your identity and comply with local regulations. Trading activity data is automatically collected to enhance service quality and monitor risks.
We process your data for specific business objectives. These include confirming your identity, preventing fraudulent activities, optimising platform performance, and fulfilling regulatory reporting. Consent is sought for marketing and optional services, ensuring data is not used beyond declared purposes without your approval.
Account Verification Data Requirements
Verification mandates submission of valid Malaysian ID documents like MyKad or passport. Address proof requires recent utility bills or bank statements matching your registered address. Documents must be clear and up-to-date to avoid delays. XM stores these documents securely using encryption and restricts access to compliance officers only.
Data Security Measures and Encryption Protocols
At XM, we employ multiple security layers to protect your data in Malaysia. SSL/TLS protocols secure data transmission, while AES-256 encryption safeguards stored information. Our infrastructure features firewalls and intrusion detection systems that operate continuously. We separate trading data from personal details to limit exposure risks.
Access to data is controlled via role-based permissions, with all access logged and monitored for unusual activity. Regular penetration tests and security audits validate our defences. Frequent backups encrypted with the same standards ensure data recovery capability in emergencies.
| Security Layer | Technology Used | Update Frequency | Monitoring Level |
|---|---|---|---|
| Data Transmission | SSL/TLS 1.3 | Continuous | Real-time |
| Data Storage | AES-256 | Annual Review | 24/7 Automated |
| Access Control | Multi-factor Auth | Monthly | Audit Logs |
| Network Security | Advanced Firewall | Weekly Updates | Continuous |
Third-Party Data Sharing and Partnerships
XM shares your data with third parties only when essential for operations or legal obligations in Malaysia. Payment processors receive limited transaction data to handle deposits and withdrawals securely. Regulatory bodies such as Bank Negara Malaysia may request data for oversight purposes.
Service providers supporting our infrastructure access only necessary data under strict contracts. We audit these partners regularly to confirm compliance with our privacy standards. XM explicitly forbids selling personal data or sharing with unrelated entities without consent.
Payment Processor Data Handling
Transaction details sent to payment processors include bank information and amounts, limited strictly to processing needs. Our partners comply with PCI DSS standards and secure data with encryption. We monitor their data retention policies to ensure timely deletion post-processing.
Data Retention Policies and Deletion Procedures
XM retains your account and trading data according to Malaysian financial regulations. Account verification documents are stored for seven years after account closure. Trading records are also preserved for seven years to comply with legal requirements and dispute resolution.
Communication logs such as support tickets are kept for five years to maintain service quality. Marketing preferences remain until you withdraw consent or close your account. We employ secure deletion methods including cryptographic erasure and physical destruction after retention periods expire.
| Data Category | Retention Period | Deletion Method | Verification Process |
|---|---|---|---|
| Identity Documents | 7 Years | Secure Overwrite | Audit Trail |
| Trading History | 7 Years | Cryptographic Erasure | Compliance Check |
| Support Records | 5 Years | Physical Destruction | Certificate Issued |
| Technical Logs | 2 Years | Automated Purge | System Verification |
Your Privacy Rights and Data Control Options
As a Malaysian user, you have rights under XM’s privacy policy to access, correct, and control your personal data. You can request a full copy of your information in common digital formats within 30 days. Corrections to inaccurate data can be made through your account dashboard or by contacting support.
Data portability allows you to export your trading history and account details in formats like CSV and PDF. You may restrict certain data processing or withdraw marketing consent anytime. Essential account communications will continue unaffected by any consent withdrawal.
Data Access Request Procedures
To request access, provide your account number and specify the data category. Identity verification is mandatory before processing. Standard requests are free; extensive or complex data retrieval may incur fees after notification. Data is supplied via secure download links or direct file transfer.
Marketing Communications and Consent Management
XM sends trading updates, educational material, and promotional offers to Malaysian clients based on explicit consent. Communication channels include email, SMS, and phone calls. You can customise preferences and opt out anytime through your account settings.
Marketing content covers market analysis, platform updates, webinar invitations, and bonus notifications. Educational communications focus on improving your trading capabilities rather than sales. We respect your choices and adjust communication frequency accordingly.
| Communication Type | Content | Frequency |
|---|---|---|
| Market Analysis | Weekly insights and updates | Weekly |
| Feature Announcements | New tools and platform changes | As needed |
| Educational Webinars | Trading tutorials and workshops | Monthly |
| Promotional Offers | Bonuses and special deals | Occasional |
Privacy Policy Updates and Notification Procedures
We update our privacy policy as required by Malaysian law or operational needs. Major changes trigger email alerts and website announcements at least 30 days prior. Minor updates may be applied without advance notice but remain documented in version history.
Significant amendments affecting your rights require renewed consent. Continued platform use after notification counts as acceptance of new terms. You may withdraw consent and close your account if you do not agree with changes.
Update Notification Methods
Notification channels include direct emails, login alerts, website banners, and customer support messages. We recommend reviewing the privacy policy regularly to stay informed about your data protection. The latest policy version is always accessible via your account dashboard and XM’s website.
