Privacy Policy

Who we are

XCap Ecosystem Ltd, trading as Ownera (“We”, “Ownera”, “our”) are committed to protecting and respecting your privacy. We will only process your personal data where permitted by applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (as amended). 

Ownera as a Controller

When we provide services to clients, to the extent we process any personal data about client’s customers we act as a data processor. Clients should review our FAQs for further information. This privacy policy applies when Ownera acts as a Controller when conducting our business, for example when we recruit staff or respond to enquiries. It also applies to our shareholders.  

When we are a Controller, this means that we are responsible for deciding how we hold and use personal information about you. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand how we will treat your personal data and your rights.

When do we collect your personal data? 

We use different methods to collect personal data from and about you including through: 

  • Your direct interactions with us: You may give us your personal data by filling in online forms or by corresponding with us by post, email or otherwise. This includes personal data you provide when you: 

    • Request our services; 

    • Request our newsletter be sent to you;

    • Give us feedback or otherwise contact us; or

    • When you apply to a job vacancy.

  • Automated technologies or interactions: As you interact with our website, we will automatically collect technical information. Please see the ‘Information we collect from you and our purposes and lawful bases for using it’ section below for further details on the technical information we collect. We may collect some of this personal data using cookies and other similar technologies. Please see the ‘Analytics’ section below and our Cookies Policy further details. 

  • Third parties and other available sources: We may receive personal data about you from other sources, such as conference organisers. Where you apply for a job vacancy we may also receive personal data about you from those who provide references and background check providers (including criminal convictions)   

Information we process and our purposes and lawful bases for using it

UK GDPR requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases, depending on the activities we are carrying out: 

  • Necessary for the entry into/ Performance of a contract with you: Where we need to perform a contract we are about to enter into or have entered into with you, we will need to collect and process your personal information. Failure to provide the requested personal information or objecting to this type of processing/ exercising your deletion rights, will result in us being unable to perform the contract we have or are trying to enter with you. 

  • Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

  • Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. 

  • Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose. 

In the case of special categories of personal data (such as information about your health), extra protections apply under UK GDPR and the Data Protection Act 2018. We therefore may only process such information in the following circumstances:

  • Where appropriate, where we have your explicit consent;

  • Where it is necessary for the purposes of performing or exercising obligations or rights in relation to employment law

We have set out below how we use the various types of your personal data, our purposes for processing it and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where applicable.

Where we intend to process the personal data you have provided for a purpose other than that for which the personal data was collected, we shall provide you with information on that other purpose and with any relevant further information prior to that further processing.

Analytics 

As set out in our Cookies Policy, we use Google Analytics on our website. This means that we may use cookies to collect online identifiers about your use of our website, including cookie identifiers, internet protocol addresses and device identifiers, which we may use for the purpose of better understanding your use of our website.

Google may transfer the personal data collected by it on our behalf outside of the United Kingdom. See here for further information on Google Analytics.

Marketing

From time to time, we may send you information regarding that which we perceive may be of interest to you or your business. You may receive this information by letter, telephone or email. If at any time you prefer not to receive further communications from us in any or all forms (except in connection with information, products or services that you specifically request) you will have the ability to opt-out from such communications by means of a link provided in e-mails that are sent to you by us.

Disclosure of your information

We may share your information with third parties including:

  1. Third party service providers, for example, our recruitment applicant tracking system provider, background checks providers, AML and KYC providers, professional advisors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services

  2. Analytics and search engine providers that assist us in the improvement and optimisation of our sites. 

  3. Any party which acquires Xcap Ecosystem Ltd or substantially all of its assets, in which case personal data held by it about its customers will be one of the transferred assets.

  4. Any other party as required by law, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of XCap Ecosystem Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where we store your personal data

The data that we collect from you may be transferred to, stored and processed in any destination where Ownera or its affiliates, subsidiaries or facilities used by third party service providers have a presence; in some cases, your data may be transferred or accessed by support staff in the US. We will only transfer your data to a country outside the UK or the European Economic Area where that country ensures an adequate level of data protection within the meaning of the UK or we use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK. To obtain more information about these contractual safeguards, please contact our DPO, details provided in the ‘Contact’ section below. 

Keeping your data secure 

We have implemented appropriate technical and organisational measures to protect your data from being accidently lost, used or accessed in an unauthorised way, altered or disclosed, taking into account the nature, scope, context and purpose of the processing and the risks involved in processing. Our measures to ensure the security of data in transit, include end-to-end encryption, strict access controls, and a layered set of security safeguards designed to prevent unauthorized access or tampering. These controls are supported by 24/7/365 monitoring and alerting to ensure continuous visibility and rapid response to potential security events.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of a site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

How long we will store your personal data

The personal data that we collect from you will be stored only for so long as is necessary to fulfil the purpose for which the data was collected, or to comply with applicable legal, tax or regulatory requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Your rights

If you reside in the UK, or are applying for a job or services based in the UK, you have the following rights:

  • to access your data (subject to the provisions of Article 15 of the UK GDPR). This is commonly known as making a “data subject access request” and enables you to reive a copy of the personal information we hold about you and to check that we are lawfully processing it.

  • to request that inaccurate data be rectified (subject to the provisions of Article 16 of the UK GDPR). This enables you to have any incomplete or inaccurate information we hold about you corrected. 

  • to request that your personal data be erased (subject to the provisions of Article 17 of the UK GDPR). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). 

  • to restrict the processing of your data (subject to the provisions of Article 18 of the UK GDPR). This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it. 

  • to request that your data is transferred to another Controller (subject to the provisions of Article 20 of the UK GDPR)

  • to object to processing of personal data (subject to the provisions of Article 21 of the UK GDPR). This means where we are relying on legitimate interest (or those of a third party), you can object to our processing of your personal data on this ground. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object. You also have the right to object where we are processing your personal information for direct marketing purposes. 

  • withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

Should you wish to exercise any of your rights under the UK GDPR please contact our Data Protection Officer (DPO) at the contact details/ address detailed in the ‘Contact’ section below. 

Complaints 

You also have the right to make a complaint if you feel that your personal data has not been handled correctly by us, you have been impacted by a data breach, or you are unhappy with our response to any rights requests you have made to us. 

In the first instance, you should contact us using at the contact details set out in the ‘Contact’ section below. We will acknowledge any complaints within 30 days of receipt, take appropriate steps to investigate, and respond without undue delay with details of the outcome of your complaint.

After receiving our response, if you wish to escalate the matter you have the right to lodge a complaint with the Information Commissioner’s Office, the UK regulator for data protection issues, whose contact details are available at www.ico.org.uk. 

You can contact the ICO by calling 0303 123 1113. Or go online to ico.org.uk/concerns (please note we can’t be responsible for the content of external websites). 

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Contact

We have appointed a data protection officer (DPO). If you have any questions, comments and requests regarding this privacy policy or our data protection practices please contact: 

  • Email address: DataProtection@Ownera.io

  • Postal Address: XCap Ecosystem Ltd, 33 Queen St, London, EC4R 1AP.

Ownera as a Processor

We also act as a Processor on behalf of our clients, who are Controllers, solely for the purpose of performing our services. Our services ensure that tokenised transactions can take place, by imposing standard configurations that allow the Ownera router to orchestrate the matching of authentication certificates which facilitate the transfer of encrypted pseudonymous personal data and assets, as directed by our clients with their counterparties. The transactions originated by these firms are encrypted and orchestrated through Ownera’s hosted routing service in a way that does not give Ownera access to any personal data or underlying transaction information when delivering hosted Application Orchestration Router or SuperApp services. Please see our FAQs for further information on how we process and protect personal data on behalf of our clients. 

Cookies Policy

Our sites use cookies to distinguish you from other users of a site. This helps us to provide you with a good experience when you browse our sites and also allows us to improve our sites.

Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. We use cookies on our sites to improve their performance and enhance your user experience.

If you do not want to receive cookies, you may choose to opt-out by changing your browser settings. Most browsers allow you to turn off cookies. Switching off cookies may restrict your use of a site and/or delay or adversely affect the way in which it operates.

Listed below are the cookies being used on the Ownera.io website and their source and supposed usage:

First Party Cookies

Cookies that are set by the website and can only be used by the website.

Ownera.io 

  • To persist user session so they stay logged in on the website (Session only)

  • To store currently logged in user details to pre-fill form data

  • To authorise the interface with XCap Ecosystem Ltd servers as part of user registration and onboarding

  • To save user’s account preferences 

Third Party Cookies

Cookies that are not set by the website owner and is primarily used for analytical data of that service or feature.

Google 

  • To track current active users

  • To get visits based on geolocation

  • To get most visited pages and duration of user session per visit

  • To get devices commonly used to access the site

  • To get traffic based on time of day

  • To know how users get referred to the website 

FAQs