FalconX Limited: Privacy Notice

Last Updated July 2026

This Privacy Notice applies to FalconX Limited, our services and website www.falconx.io

1. Introduction
  • Welcome to our privacy notice (the “Notice”), which we are providing as a data controller. This Notice is intended to help you understand how FalconX Limited tr(“FalconX”, “us”, “we” or “our”) collects, processes and protects the personal data you provide to us or that we otherwise collect about you, and to assist you in making informed decisions as to your data when using our trading platform and other services.
  • We and our affiliated companies offer via our website www.falconx.io (the “Site”) and its mobile application ("Mobile App", together with the website, connect to a trading platform) or via direct contact, services and products related to buying and selling virtual financial assets (including cryptocurrencies) and other related services. In this Notice, “Platform” refers to the Site, any associated mobile applications and APIs, and all execution venues operated or maintained by FalconX.
  • We recognise that data protection is an ongoing responsibility and so we will from time to time update this Notice as we undertake new personal data practices or adopt new privacy notices. We fully respect the privacy of our site users and investors, and we are committed to protecting their data and processing it in an appropriate manner and in conformity with applicable data protection and privacy laws, including notably:
    • General Data Protection Regulation (EU) 2016/679 (“GDPR”)
    • Maltese Data Protection Act (Chapter 586 of the laws of Malta) and its respective secondary or subsidiary legislation; and
    • Any other particular data protection rules in the markets where we operate.

  • This Notice applies where we are acting as a data controller with respect to your personal data; i.e. where we determine the purposes for which personal data is processed and the means of such processing. It explains how we will process your personal data when you use our products or services (or apply to do so) or interact with our Platform (regardless of where you do this from). We are the data controller of any personal data which you provide to us or which we otherwise collect in connection with those activities. This Notice further covers any data that you may provide for our newsletters, legislative updates, events and other marketing and promotional communications.
  • We refer to customers of our products and services also as “investors”. For business customers/investors (i.e. not an individual), we will also request and collect personal data about their directors, representatives, corporate officers, authorised signatories, shareholders and in certain instances, ultimate beneficial owners (“UBOs”) (typically for anti-money laundering (“AML”), due diligence and other vetting requirements) (which we refer to in this Notice as an “individual connected to a business”).
  • This Notice also explains how we process personal data about such individuals and should be circulated accordingly. Business customers/investors must also ensure that the individuals connected to their business are made aware of this Notice and the information it sets out prior to us receiving their data (whether obtained directly or indirectly). If you, or anyone else on your behalf, has provided or provides us with personal data on an individual connected to your business (or any entity associated with FalconX), you or they must first ensure that you or they have that individual’s authorisation to do so and will be required to confirm the same to us.
  • When accessing the Platform, we may automatically collect certain information, including your IP address and cookie usage. Please refer to our IP and Cookie Policy available on the website for more information about our practices in this regard.
  • It is important that you read this Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This Notice supplements the other notices and is not intended to override them.
  • Please refer to the Glossary at the end of this Notice to understand the meaning of some of the terms which we use in it.

2. Our details
  • The data controller under this Notice is FalconX Limited.
  • We are registered in Malta under registration number C88950, and our registered office is at: Level G, (Office 1/1191), Quantum House, 75, Abate Rigord Street, Ta’ Xbiex, Malta.
  • You can contact us by email at maltacompliance@falconx.io.
  • If you have any question about this Notice, including any requests to exercise your legal rights (which are outlined in Section 10), please contact us using the contact details set out above. Please also use the words ‘Data Protection Matter’ in the subject line.
  • It is imperative that the details we hold about you are accurate and current at all times. Otherwise, this will affect our ability to provide you with our products and services, amongst other possible issues. Please keep us informed if your details change in any way during the course of our relationship with you.

3. Platform
  • Our Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites or applications and are not responsible for their privacy notice or policies. We encourage you to read the privacy notice of every website/app you visit, particularly when leaving our Platform.
  • The Platform is not intended for minors below the age of 18 years, and our products and services are not intended to be offered to minors. We do not knowingly collect personal data relating to minors, and do not wish to do so. If we learn that a minor is using our Platform, products and/or services, we will attempt to prohibit and block such use and will make our best efforts to promptly delete any personal data which we might have relating to such minor. If you believe that we might have any such data, please contact us by e-mail at maltacompliance@falconx.io.

4. The data we collect about you
  • Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). In the course of any business relationship, we will need to collect, use and occasionally disclose personal data for various purposes associated with the scope of the products and services that we provide, either for yourself (the investor) or your organisation (where you are an individual connected to a business).
  • To ensure transparency, we have made an attempt to group and categorise below the different kinds of personal data that we (FalconX) may generally need to collect, process, use, share and store about our investors and/or website users. For the reasons explained above, these data categories are mostly indicative and not exhaustive.
Category of Personal DataWhat it includes and source
Identity dataincludes your first name, maiden name, last name, title, gender, nationality, national I.D., or passport number, organisation, and (in the context of the Platform) username, wallet addresses or similar identifier. The source of this data is you.
Contact data includes your billing, mailing and email address and contact numbers. The source of this data is you.
In the context of our business investors, we may have to collect Identity and Contact Data about the following individuals connected to their business, including particularly directors, representatives and UBOs.
Account dataincludes your full name, email address, contact number, date of birth, nationality, national I.D., or passport number, residential address, website settings and marketing preferences. The primary source of this data is you.
KYC dataincludes full name, email address, mobile number, date and place of birth, nationality, national I.D., passport or other forms of identification, residential address, proof of address, a recent photo (selfie), employment status, source of funds and/or wealth and related documentation, gross annual income and proof of wallet ownership. The primary source of this data is you.
Added KYC dataResults from Politically Exposed Persons (PEP) Screening & Sanction screening, any additional personal data required for proving Source of Funds (e.g. employment contract, certificate of inheritance, etc.), data on the management structure and business activity, etc. This category generally includes any other documentation that may be mandated by AML or sanctions laws, or relevant competent authority or agency (such as the FIAU).
Transaction dataincludes crypto and FIAT payments to and from you (both successful and failed deposits and withdrawals), coin pairs (e.g., BTC/ETH), date and time of transactions, account balances, public wallet addresses, source and destination wallet data, and other details of the products and services provided via the Platform. The source of the transaction data is you and our FIAT payment services provider.
Financial dataincludes source of funds and/or wealth and related documentation, account balances, account withdrawals and other financial-related data. The primary source of this financial data is you.
Usage data may include your IP address, geographical location, browser type and version, device type and model, operating, referral source, length of visit, page views and website navigation paths, device location, as well as information about the timing, frequency and pattern of your service use. The primary source of this usage data is Google Analytics.
Marketing and communication data includes the communication content and the metadata associated with the communication that you send to us or that we send to you. It also includes your preferences in receiving marketing from us or our associated entities and your communication preferences. This may include information on whether you have subscribed or unsubscribed from our marketing lists, attended our events etc.
  • We will also collect, use and process any other personal information that you voluntarily choose to provide or disclose to us where relevant and necessary in order to provide the products or services that you have requested from us. Any such information that we receive from you would fall under the ‘Transaction Data’ category.
  • We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Platform. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in line with this Notice.
  • Where we need to collect personal data by law, or pursuant to our terms of business, and you fail to provide that data when requested, we might not be able to assist you or provide you with our products or services. In certain cases, particularly where it relates to KYC Data, we may even need to exercise our prerogative to terminate any business relationship which we may have with you or otherwise decline to enter into such a relationship with you (as applicable). We will notify you if this is the case at the time.

5. Special categories of personal data
  • We may also (exceptionally) need to process certain special categories of personal data about you as part of our customer due diligence and screening requirements. This may comprise personal data revealing your political affiliations as well as personal data relating to criminal convictions and offences or related security measures. Please see the Glossary for what we mean by a special category of personal data.
  • Below are the circumstances and purposes for which this may take place:
    • Initial and on-going customer due diligence checks: determination of whether or not the customer and certain persons related to the customer are “politically exposed persons” in terms of applicable AML legislation; and
    • Initial and on-going customer due diligence checks: due diligence checks via WorldCheck, Google Searches, databases of regulatory or supervisory authorities, and other publicly accessible sources.
  • As a lawful basis, the processing of this data is necessary for reasons of substantial public interest on the basis of an EU or national law (namely, AML related) or otherwise relates to data which has been manifestly made public by the data subject. There may be other occasions where we may need to process your sensitive personal data, namely where: the processing is necessary for the detection or prevention of crime (including the prevention of fraud) to the extent permitted by applicable law or regulation; or the processing is necessary for the establishment, exercise or defence of legal rights.
  • In other cases, for example where required as part of any service provision, we will rely on your authorisation to process the special category of personal data.

6. How is your personal data collected?
  • We generally use different methods to collect your personal data, including through:
    • Information you provide to us directly when contacting us;
    • Information you provide to any of our affiliates including parent companies, subsidiaries, and companies under common control and ownership;
    • Information we receive from third parties, such as third-party service providers;
    • Information acquired by us during the course of our relationship and dealings with you or your organisation (including any service provision;
    • Information collected through the use by you of our websites, platforms and applications (including via automated technologies); and
    • Information gathered from third parties or publicly available sources. We may receive personal data about you from various third parties and public sources such as analytics providers, advertising networks and search information providers (for usage data), our banks and payment providers (for financial and transactional data), and publicly available sources such as public blockchains, court documents, company registers and from electronic data searches, online search tools (which may be subscription or license based), anti-fraud databases and other third party databases, sanctions lists and general searches carried out via online search engines (e.g. Google) (mainly for KYC data).
  • If you attend an event or meeting at our offices, we may hold images of you captured by our CCTV cameras for a limited period of time.

7. How we use your personal data
  • We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
    • Where you wish to enter into a business relationship with us;
    • Where you open an account on our platforms;
    • Where we are providing you with our products and services;
    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
    • Where we need to comply with our obligations to third parties (this includes our obligations to regulators and public agencies)
  • We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data pursuant to more than one lawful ground or basis, depending on the specific purpose for which we are using your data.
Purpose/ActivityType of DataLawful Basis for Processing
Onboarding Requirements
‘New customer onboarding’: To register you as a new customer allowing you to access and use the Platform’s functionalities.Contact, Account and KYC/Added KYC data.
Performance of a contract with you.

Necessary to comply with a legal obligation.

Necessary for our legitimate interests (to determine whether we can or want to enter into a professional relationship with you, to determine whether we can assist you on the matter for which you have approached us, to carry out internal conflict clearance searches and to verify your ability to meet financial commitments that may result from your requested scope of assistance).
AML and “KYC” Processes
To fulfil our regulatory and legal obligations relating to the prevention of money laundering, fraud prevention, counter-terrorist financing, politically-exposed-persons checks, sanctions checks and any other “know your client” checks.

This includes: verifying your identity; and screening against lists maintained by a third party which assists with this process (such as sanctions lists).

To fulfil our other due diligence and KYC internal compliance policies and requirements.

To fulfil any external mandatory reporting obligations that we may, from time to time, have to local and overseas public and regulatory authorities and/or law enforcement or tax authorities.
Contact, Account, KYC and Added KYC, Financial Data
Necessary to comply with a legal obligation.

Necessary for our legitimate interests (to establish and verify the identity of our clients, even where the requested assistance does not amount to an AML relevant activity, for internal risk assessment and internal management).
Service Provision
To deliver our products and services and process and manage transactions/orders.

To improve the provision of our products and services and/or operation of our platforms.
Contact, Account, Transaction, Financial, Marketing and Communication Data.
Performance of a contract with you.

Legitimate business interests (quality control and business reputation).
For billing and invoice purposes.

To collect and recover money which is owed to us (debt recovery).

Internal record keeping (including files).
Contact, Account, Transaction, Financial, Marketing and Communication Data.
Performance of a contract with you.

Necessary to comply with a legal obligation (accounting and other record-keeping requirements).

Necessary for our legitimate interests (to recover debts due to us, to keep track of the products and services provided, to be able to revisit such matters if new issues arise).
Relationship Management
To manage our business relationship with you (as a client or where the client is your organisation), which may include to:

(a) notify you about changes to our terms of business or privacy notices;

(b) deal with your enquiries, requests, complaints or reported issues;

(c) contact you in the course of providing requested Services;

(d) request feedback from you;

(e) advise you of industry and legislative updates;

(f) inform you about our events and seminars (including webinars);

(g) provide you with information about our products, services and platforms; and
Contact, Account, Transaction, Marketing and Communication Data.
Performance of a contract with you.

Necessary for our legitimate interests (for client relationship handling and management, to study business growth and possible trends regarding our service areas, to enable a review and assessment of our service provision, to develop and grow our business).
Business and Financial Management
To run our business in an efficient and proper manner.

To respond to client due diligence requests.

To investigate and respond to client complaints.
Contact, Account, KYC, Added KYC, Transaction and Financial data
Necessary for our legitimate interests (for administering, managing and operating our business affairs, including our financial position, business capability, planning, communications, corporate governance, audit, insurance, sales, to prevent fraud and to maintain the confidentiality of communications, and in the context of a business reorganisation or any restructuring.

Necessary to comply with a legal obligation.
To establish and investigate any suspicious behaviour in order to protect our business from any risk and fraud.

To detect, investigate and prevent and/or report:
  • breaches of internal and regulatory policies; and/or
  • fraudulent activity and/or any other criminal activity.
To assist and cooperate in any criminal or regulatory investigations against you, as may be required of us.

Risk Management: to effectively operate our audit, compliance controls and other risk management functions.
Contact, Account, KYC, Added KYC, Transaction and Financial data
Necessary to comply with a legal obligation.

Necessary for our legitimate interests (regulator relations, business reputation).
To administer and protect our firm, business and the Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

To manage the performance and security of our equipment, IT systems and electronic platforms, including administering access rights.

To operate IT security audits.
Account, Usage data.
Necessary for our legitimate interests (for running and administering our firm and business (including IT support), systems administration, network security, to prevent fraud and to maintain the confidentiality of communications, and in the context of a business reorganisation or group restructuring exercise).

Necessary to comply with a legal obligation.
Marketing and Business Growth
To carry out market research campaigns.

Use data analytics to improve the Platform, marketing purposes and customer experience

To deliver relevant advertisements to you, and measure or understand the effectiveness of the advertising we serve to you.
Account, Usage, Marketing and Communications.
Necessary for our legitimate interests (to develop our products/services, grow our business, to define our clients and their industries or sectors, to keep our Platform and promotional material updated and relevant, and to inform our marketing strategy).

On the basis of your consent, in the absence of an existing relationship.
Enforcement of Rights
To exercise or defence legal claims. To enable FalconX to pursue available remedies or limit any damages that we may sustain.
All data.
Performance of a contract with you.

Necessary for our legitimate interests.
  • Marketing. We strive to provide you with choices regarding certain personal data uses, particularly around advertising and marketing. Through mainly your Account Data and Marketing and Communications Data, we are able to form a view on which of our products and/or services may be of most interest for you or your organisation. You may receive marketing communications from us where: (i) you have entered into a business relationship with us; and (ii) provided you have not opted out (see Your right to object below). Where the above does not apply to you, we will only send marketing communications to you if you have expressly consented to receive them from us.
  • We will get your express opt-in consent before we share your personal data with any third parties (including our associated corporate entities) for marketing purposes.
  • You can ask us to stop sending you marketing communications (unsubscribe) at any time by following the opt-out (unsubscribe) links included on any such communications.
  • You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some features of the Website might not function properly. This Notice should be read in conjunction with FalconX’s IP address and cookie policy.

8. Change of purpose
  • We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, or we are obliged to process your data by applicable laws or court / enforceable orders.
  • If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at maltacompliance@falconx.io
  • If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

9. Disclosures of your personal data
  • We may transfer your personal data to our affiliated companies for these purposes:
    • to facilitate and administer your business relationship with us;
    • as part of our regular reporting activities on group performance;
    • to consolidate our reporting and accounting procedures;
    • to ensure business efficiency (all the above being a legitimate interests), and/or
    • where necessary to achieve or further any of the purposes in Section 7 above.
  • In addition, we may disclose your personal data, to courts, law enforcement or governmental authorities, or authorised third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary:
    • to comply with our legal obligations,
    • to comply with binding orders and to respond to claims asserted against us,
    • to respond to requests relating to a criminal investigation or alleged or suspected illegal activity or any criminal offence, or any activity that may expose us, you, or any other of our investors/users to legal liability.
  • Third-party service providers. We use third-party service providers to help us provide services related to the website and the payment services. Service providers may be located inside or outside of the European Economic Area (“EEA”). These providers have limited access to your personal data and are contractually bound to protect and to use it on our behalf only for the purposes for which it was disclosed. We do not allow our third-party service providers to use your personal data for their own purposes. The categories of such third parties are mainly the following:
    • Service providers, such as card issuers and card acquirers, and any other service providers we, FalconX, have engaged to be able to provide you with the products and services which we have been contracted to provide you;
    • Third-party payment processors, such as payment services providers and banks;
    • IT support services, including as relating to our Platform;
    • Third parties assisting in investigations (such as AML-related) for the purpose of detecting and preventing fraud or other security or technical problems;
    • Relevant parties in connection with our anti-money laundering, anti-bribery, anti-fraud or ‘KYC’ requirements or policies (including third party service providers which carry out sanctions checks on our behalf);
    • Cloud services providers for provision of cloud-based services such as storage or hosting certain software;
    • Professional advisors acting as processors or joint controllers including lawyers, auditors and insurers who provide consultancy;
    • Service providers for the purpose of data analytics.
  • We may also disclose your information to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets (successors in title). Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the new owners may use your personal data in the same way as set out in this Notice. Additionally, we may also disclose your data to enforce our contractual terms with you or your entity, or to protect our rights or property or those of our investors, users or partners. This could include exchanging information with other companies and organisations for the purposes of fraud protection.

10. International transfers
  • Due to the international nature of our business and service providers, your personal data may be transferred and stored in countries outside of the EU/EEA. Some of these countries may have been deemed by the European Commission to provide a level of protection for personal data that is essentially equivalent to that in the EU.
  • For any such transfer, we will ensure that at least one of the following safeguards applies or is otherwise implemented:
    • the country to which the personal data is transferred ensures an adequate level of protection for the data subject’s rights and freedoms recognized under EU data protection law;
    • in the absence of an adequacy decision, the data transfer is regulated by specific contracts approved by the European Commission which give personal data the same standards of protection which it has in Europe (referred to as standard contractual clauses or model clauses); or
    • failing the above, the transfer is necessary:
      • for the performance of your business relationship with us;
      • for the performance of a contract concluded in your interests between us and another person;
      • for important reasons of public interest;
      • to comply with a legal or regulatory obligation to which we are subject; or
      • for the filing, exercise or defence of legal claims.
    • If we have to transfer your data to outside the EU and cannot rely on any of the mechanisms set out above, we shall request your explicit consent to do so.

11. Data security
  • We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
  • We also regularly review and, where practicable, improve upon these security measures.
  • In addition, we limit access to your personal data to employees, agents, contractors and other professional third parties on a need-to-know basis. They will only process your personal data on our instructions and are subject to duties of confidentiality.
  • We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. In the event of such a breach we will notify you on the contact details provided at account opening.

12. Data retention

How long will you use my personal data for?

  • To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm to it from unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • In the case of investors, we will only retain your personal data for as long as necessary to fulfil the purposes for which we had collected it, i.e. the performance of the business relationship and provision of the products and services which you have contracted from us, and thereafter: (i) for the purpose of satisfying any legal, accounting, tax or other record-keeping or reporting obligations to which we may be subject; and/or (ii) to the extent that we may also need to retain your personal data in order to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.
  • By and large, our retention of your personal data shall not exceed the period of six (6) years from the termination of your business relationship with FalconX. This period takes into account applicable prescriptive periods as well as our ongoing obligations to comply with applicable accounting, AML, legal, regulatory and tax record-keeping or reporting requirements.  In certain cases, we may need to retain your personal data for a period of up to eleven (11) years in order to comply with applicable accounting and tax laws (this will primarily consist of your Transaction and Financial Data).
  • Note that we may need to retain your personal data, or some of it, for longer period(s), such as in relation to threatened or commenced claims, disputes or litigation, ongoing or pending investigations, requests made by competent authorities or to abide by court orders or as dictated by the nature of the services or the business relationship.
  • In some circumstances you can ask us to delete your data. See Request erasure below for further information. In other circumstances, we may also anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

13. Your legal rights
  • Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
    • Request access to your personal data.
    • Request correction (rectification) of your personal data.
    • Request erasure of your personal data.
    • Object to processing of your personal data.
    • Request restriction of processing your personal data.
    • Request transfer of your personal data.
    • Right to withdraw consent.
  • If you wish to exercise any of those rights, please contact us at maltacompliance@falconx.io
  • You will not have to pay a fee to exercise any of your data subject rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may simply refuse to comply with your request in such circumstances.
  • We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  • We will respond to all legitimate requests within a period of one (1) month from the date of receiving your request. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In such cases, we will notify you and keep you updated.
  • You have the right to:
    • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to ensure that we are processing it lawfully. You will receive one copy, via email and free of charge, of the personal data that we hold. Any further copies of the information processed shall incur an administrative charge.
    • Right to information when collecting and processing personal data about you from publicly accessible or third-party sources. When this takes places, we will inform you, within a reasonable and practicable time frame, about the third party or publicly accessible source from which we have collected your personal data.
    • Request correction or rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected or updated, though we may need to verify the accuracy of the new data you provide to us. As mentioned, it is in your interest to keep us informed of any changes or updates to your personal data which may occur during the course of your relationship with us, since this may otherwise impair our ability to provide you with the products and/or services which you request from us.
    • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where:
      • there is no good reason for us continuing to process it;
      • you have successfully exercised your right to object to processing;
      • we may have processed your information unlawfully; or
      • we are required to erase your personal data to comply with local law.

        Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. These may include instances where the retention of your personal data is necessary to:
      • comply with a legal or regulatory obligation to which we are subject; or
      • establish, exercise or defend a legal claim.
    • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your data for direct marketing purposes.

      In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information that override your rights and freedoms.
    • Request restriction of the processing of your personal data. This enables you to ask us to suspend processing of your personal data in the following scenarios:
      • if you want us to establish the data’s accuracy;
      • where our use of the data is unlawful but you do not want us to erase it;
      • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
      • you have objected to our use of your personal data, but we need to verify whether we have overriding legitimate grounds to use it.
    • Request the transfer (data portability) of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
    • Withdraw your consent at any time where we are relying on consent to process your personal data (which will generally not be the case). This will not affect the lawfulness of any processing carried out before you withdrew your consent. Any processing activities that are not based on your consent will remain unaffected.
  • Kindly note that none of these data subject rights are absolute  and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our data protection team along with the reasons for our decision.

14. Complaints
  • You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as in particular the supervisory authority in the place of your habitual residence or your place of work. In the case of Malta, this is the Office of the Information and Data Protection Commissioner (the “IDPC”):
    https://idpc.org.mt/en/Pages/Home.aspx)
  • We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

15. Conclusion
  • This Notice may be updated from time to time.
  • Please note that if our business, or any part of it, is sold or transferred at any time, the information we hold may form part of the assets transferred, although it will still only be used in accordance with this Notice.
  • We reserve the right, at our discretion, to change, modify, add, or remove portions from this Notice at any time. Please read this Notice carefully and re-visit this page from time to time to review for changes.
  • If you have any questions regarding this Notice, or if you would like to send us your comments, please contact us using the Contact Details indicated in this Notice.

16. GLOSSARY

Set out below are key definitions of certain terms which appear in this Notice:

  • data subjects” means living, natural persons about whom we process personal data;
  • data controller” or “controller” means any entity or individual who determines the purposes for which, and the manner in which, any personal data is processed;
  • data processor” or “processor” means any entity or individual that processes data on our behalf and on our instructions (we being the data controller);
  • GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
  • legitimate interest(s)” means our interest to conduct and manage our business appropriately and responsibly, to protect the reputation of our business, and to provide the best possible services. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests;
  • personal data” means data relating to a living individual (i.e., natural person) who can be identified from the data we possess about him or her. This includes, but is not limited to, your name and surname, address, date of birth, contact details. The term “personal information”, where used in this Notice, has the same meaning as personal data;
  • processing” means any activity or set of operations that involves use of personal data. It includes obtaining, recording or holding data, or carrying out any operation or set of operations on data including, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties; and
  • special categories of personal data” means information revealing a person's racial or ethnic origin, political opinions, religious, philosophical or similar beliefs, trade union membership, physical or mental health or condition or sexual life or biometric data. In this Notice, it also includes information relating to criminal convictions or offences.

FalconX Limited: IP Address and Cookie Policy

Last Updated 01/07/2026

17. Introduction

Welcome to our IP Address and Cookie Policy (the “Policy”). We, FalconX Limited (“FalconX”, “we”, “us” or “our”) collect aggregate information about the users of our Sites as explained below.

Before using or accessing  our website www.falconx.io, any associated mobile applications and APIs, any related software, forums, blogs, social media pages and other relevant platforms operated or maintained by FalconX (collectively the “Sites”), you should know that we use cookies, mobile identifiers, tracking URLs, log data and similar technologies to help provide, protect, and improve the Sites and our related products and services, and your experience when using them.

This Policy provides you with information on the cookies and other tracking technologies which we use over the Sites and our purposes for using them. These technologies may also involve collecting and using your user Internet Protocol Address (referred to as an “IP Address”).

Please read this Policy carefully to familiarize yourself with your rights and how and why we use these technologies and the choices you have.  If you do not accept or agree to the practices described in this Notice, you should exit the Site(s) immediately.

To review our privacy notice for users of our products, services or Sites, please see our privacy policy.

For further information about this Policy, please contact us at maltacompliance@falconx.io


18. IP Address

What happens when you visit the Sites

Every time you connect to the internet or, if you use an always-on connection, such as broadband or ADSL, when you boot up or restart your computer, you are automatically assigned a unique identifying number known as an IP Address. This IP Address, which contains, amongst other things, information regarding the location of your computer on the internet (your country of origin) and the name of your internet service provider (“ISP”), is automatically logged by our Sites.

What is an IP Address?

When you first started your internet session (i.e. your computer connected to the internet), your computer was automatically assigned a unique number (normally in the region of 9 or 10 decimal numbers), known as an IP Address. This is your computer’s unique address on the internet. Without an IP Address, websites would not be able find your computer on the internet and so would not be able to deliver their content to you. Since each time you disconnect and reconnect to the internet, a new IP Address is automatically assigned to your computer, IP Addresses are not inherently capable of identifying you as an individual (at least, by themselves and not combined with other identifiers).

An IP Address does, however, contain information regarding the location of your computer on the internet (your country of origin), and the name of your ISP. Such information, when combined with other available information, may potentially lead to, or allow for, your identification. For these reasons, EU Data Protection Law treats IP Addresses as personal data with the resulting protections.

How do we collect your IP Address?

Each time you visit a page on our Sites, your computer sends out a message asking for the requested content to be delivered. This message sent by your computer also encloses your IP Address as a form of “return address”, so that the Sites may find your computer in order to then be able to send the requested content. Our webserver automatically logs all these messages.

What do we do with your IP Address?

When we log your IP Address, the data collected is grouped up with the other logged IP Addresses in order to provide us with the statistics on the geographic location of visitors to our Sites, how long they stay on them, which are the most viewed pages and for other statistical reasons relevant to us.

We gather your IP address automatically and store it in log files. These files also contain information relating to your browser type, ISP, operating system, date/time stamp, clickstream data and the files viewed on the Sites. Collecting this type of information allows us to generate aggregate information for the purposes of developing our Sites, including as to overall user trends and activities online (such as the number of unique visitors, pages accessed and viewed most frequently or the search terms entered). It also allows us to administer the Sites, diagnose any potential server problems, analyse visitor trends and statistics, and generally helps us to provide you with a better internet experience.

IP Addresses are not stored for longer than necessary for the above stated purposes.

19. Cookies

Information about our use of Cookies

We have implemented and activated cookies on our Sites to distinguish you from other users. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or on your mobile device, if you agree to let us do so. A cookie enables the website or app to remember users that have already visited. Without a cookie, every time you open a new web page, the server where that page is stored will treat you like a completely new visitor.

Therefore, whilst you do not need to allow cookies to visit most pages of the Sites, doing so will provide a more personalised experience and is necessary for certain features to work. Enabling cookies can allow for functions like remembering your preferences and login information. If you disable them, these specific functions may not work correctly.

How we use cookies

Cookies are small files consisting of alphanumeric characters that are stored on your device. We use cookies for several reasons, including, but not limited to:

  • To provide users with a customized browsing experience;
  • To run the functionality of our Sites optimally and efficiently;
  • To detect and prevent fraudulent use of our Sites;
  • To gather information about users’ activity on our Site and to understand how they are used;
  • For research and analytical purposes so that we can improve our Sites.

In many cases, the information we collect from cookies and other tools is only used in a non-identifiable way without reference to personal data. Our business partners may also use these tracking technologies in connection with our services or engage others to track your browsing behaviour on our behalf.

You can change or withdraw your cookie preferences at any time by selecting “Cookie Settings” in the website or page footer.

The types of cookies we use on the Sites

Our Sites mostly use “first-party cookies”. These are cookies set and controlled by FalconX and not by any external organisation.

However, to view some of our pages, you will have to accept cookies from external organisations.

First-Party Cookies

  • Strictly necessary cookies

These are necessary cookies that are set by our Sites directly (sometimes referred to as “strictly necessary” cookies). These cookies are essential to the running of the Sites and are kept for the duration of your visit. These cookies keep track of things such as the session ID and whether you have chosen to view the site in high visibility mode.  These cookies do not require user consent.

Cookie NameCookie DescriptionTypeExpires/ Max Age
_cfuvid
set by Cloudflare on falconx.io. Manages session consistency and protects against abuse. Session only disappears when the browser is closed. Not managed through GTM — part of Webflow's hosting infrastructure.
NecessarySession only
_cfuvid
set by Cloudflare on sibforms.com. Same as above but on Sendinblue/Brevo's domain, confirming the site connects to their servers. Session only. Not managed through GTM — comes from a direct Sendinblue embed somewhere on the site.
NecessarySession only
__cf_bm
set by Cloudflare on twitter.com. Bot management and security. Lasts 1 hour. Not managed through GTM — a side effect of the Twitter pixel making requests to Twitter's servers.
Necessary1 hour
__cf_bm
set by Cloudflare on t.co (Twitter's link shortener). Same purpose. Lasts 1 hour. Not managed through GTM.
Necessary1 hour
_gcl_au
set by Google Ads on falconx.io. Conversion linker that connects Google Ad clicks to actions taken on the site.
Marketing3 months
_gcl_ls
set by Google on falconx.io. Related to Google's click and conversion tracking.
MarketingNo expiry
_twpid
set by Twitter/X pixel on falconx.io. A first-party version of Twitter's pixel identifier, set directly on your domain rather than Twitter's.
Marketing1 year 24 days
_gcl_ls
set by Google on falconx.io. Related to Google's click and conversion tracking. No expiry date — persists indefinitely. Managed through GTM.
MarketingNo expiry
muc_ads
set by Twitter/X on t.co. Tracks user behaviour for ad targeting across the web. Managed through GTM.
Marketing1 year 1 month
bcookie
set by LinkedIn on linkedin.com. Browser identifier used for ad targeting and tracking use of LinkedIn-embedded content. Managed through GTM.
Marketing1 year
guest_id
set by Twitter/X on twitter.com. Identifies visitors (even those not logged into Twitter) to Twitter's ad network. Managed through GTM.
Marketing1 year 1 month
guest_id_ads
set by Twitter/X on twitter.com. Same visitor identifier, specifically tagged for ad attribution purposes.
Marketing1 year 1 month
guest_id_marketing
set by Twitter/X on twitter.com. Same visitor identifier, tagged for marketing tracking.
Marketing1 year 1 month
li_gc
set by LinkedIn on linkedin.com. Stores the visitor's consent choice for LinkedIn's non-essential cookies.
Functional6 months
lidc
set by LinkedIn on linkedin.com. Internal LinkedIn routing and data centre selection.
Functional1 year 24 days
  • Analytics cookies

We use these purely for internal research on how we can improve the service we provide for all our users. The cookies simply assess how you interact with our Sites – as an anonymous user (the data gathered does not identify you personally). They allow us to understand the number of visitors and see how visitors move around the Sites when using them and gain insight on how our visitors use them. This means we can find out what works and what doesn't, optimize and improve our Sites, understand the effectiveness of advertisements and communications and remain relevant.

However, you are free to refuse these types of cookies – either via the cookie banner you’ll see on the first page you visit on the Site(s) or as otherwise explained in this Policy.

Cookie NameCookie DescriptionTypeExpires/ Max Age
_ga_D9JT2YX95T
set by Google Analytics 4 on falconx.io. Property-specific session tracking cookie, records engagement and session counts for this site.
Analytics1 year 1 month
_ga
Used to analyse visitor browsing habits, flow, source and other information.
HTTP2 years

Third-Party Cookies

These are cookies set by third-party providers which we may use to enhance our Sites. We currently work with third parties to provide services on our Sites (including advertising networks and providers of external services like web traffic analysis services). Those third parties may use their own cookies, including to collect information about your activities on our Sites. This information may be used to serve advertisements that they believe are most likely to be of interest to you.

We do not control these cookies and you should refer to their websites for further information (including as to how to reject them and privacy policies that apply to their use). Alternatively, you may deactivate or restrict the transmission of cookies by changing the settings of your web browser.

These cookies are only activated during your sessions with your consent. These third-party services are outside of the control of FaclonX. Providers may, at any time, change their terms of service, purpose and use of cookies, etc.

The following section details third-party cookies you might encounter through the Sites.

  • Google Analytics

Like many websites, we use Google Analytics to collect information about visitor behaviour, such as the number of visitors to the various parts of our Sites. We do this to compile reports that help us improve our site. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here, what documents you download and what you click on.

This analytics data is not tied to personally identifiable information (e.g., your name or address) so this information cannot be used to identify who you are. Google also states that it will never associate your IP address with other data held by Google Below is a description (not an exhaustive list) of the Google Analytics cookies we may use on this Site and what they are used for.

Read the Google Analytics privacy document for more details about the data collected by Google Analytics.

Google offers a deactivation add-on for most current browsers that provides you with more control over what data Google can collect on websites you access. The add-on tells the Google Activity JavaScript (ga.js) (gtag.js, analytics.js) that is running on the website from sharing information with Google Analytics about visit activity. Using the opt-out browser add-on will not prevent the information from being transmitted to us or to other web analysis services we may engage.

To opt out of being tracked by Google Analytics across all websites and for further information generally, check the Google Analytics opt-out browser add-on.

  • Other external providers and social media

Some of our pages display content from external providers, e.g. YouTube, Facebook and Twitter.

To view this third-party content, you first have to accept their specific terms and conditions. This includes their cookie policies, which we have no control over. But if you do not view this content, no third-party cookies are installed on your device.

Third-party providers on FalconX’s Sites:

Removing cookies from your device

You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited. Be aware though that you may also lose some saved information (e.g. saved login details, site preferences).

Managing site-specific cookies

For more detailed control over site-specific cookies, check the privacy and cookie settings in your preferred browser. Cookies are stored on your individual device, and you have full control over their use. You may deactivate or restrict the transmission of cookies by changing the settings of your web browser. Cookies that are already stored may be deleted at any time.

Find out how to manage and delete cookies on popular browsers:

If your browser is not listed above, consult your browser’s “help” function, or go to your browser’s manual.

Blocking or disabling cookies

You can set most modern browsers to prevent any cookies being placed on your device, but you may then have to manually adjust some preferences every time you visit a site/page. And some services and functionalities may not work properly at all (e.g. profile logging-in). Also, we do not control any of these opt-out links and are not responsible for the availability or accuracy of these mechanisms.

20. Updates to this Policy

We will occasionally update this Policy to reflect changes in our practices and services. When we post changes to this Policy, we will revise the “Last Updated” date at the top of this Policy.

We recommend that you check this page from time to time to inform yourself of any changes in this Policy or any of our other policies.

21. Contact Us

If you have any questions or comments about this Policy, or privacy matters generally, please contact us via email at maltacompliance@falconx.io.

By accepting, you agree to the storing of cookies on your device. View our Privacy Policy for more information.
PreferencesDenyAccept