My review of xace.io

[Coin]

Helllo everyone,

I would like to share my experience with xace.io who is advertiser here on this forum.

I'm running cryptocurrency trading company incorporated in Europe.

To start the account opening process you have to fill out their form on website. In their form they asked about pretty much everything - type of business, country of incorporation, monthly amount of transactions and so on so they perfectly knew everything about your company from their from.

Within one day I received email from them saying "Thank you for submitting an application with Xace. Based on the information you have provided we can begin the compliance process required to open an account." In this email they also asked me to provide all kinds of company documents plus my ID card.

Great right? Well not really. To my surprise once I provided everything they asked for I received email saying:

"
Thank you again for your application and for providing the documents. Unfortunately we are unable to accept your application at this time.

Additionally, we are unable to give any further information with regards to this decision.

Best Wishes,

The Xace Team"

That just seems really sketchy to me. They knew everything about my company and my documents did not provide any new information to them. So why would they ask for my documents in the first place if they already knew that they would reject my application? Are they just collecting personal information for some really strange unauthorized purpose?

If you have any experience with xace please don't hesitate to share it. Overall they are responsive and respond pretty fast. Their pricing is okay but not the cheapest with hefty account opening fee but I would be more than happy to pay it. In my honest opinion I would not recommend using xace as their business practices seem really questionable to me.

 

[sinos]

Xace aren't that eager to work with crypto, they denied my application, when I stated crypto arbitrage in details and also mentioned that majority of my trades will be SEPA.

 

[blizz]

Additionally, we are unable to give any further information with regards to this decision.

business as usually! Have you applied with a merchant account provider or other banks! 90% of them will give you the same answer, nothing strange with them.

 

[Coin]

Xace aren't that eager to work with crypto, they denied my application, when I stated crypto arbitrage in details and also mentioned that majority of my trades will be SEPA.

Yeah that's my point. In my application I stated that my company is a crypto exchange. So if they don't accept with crypto exchanges why would they ask for my company's and personal documents? Also it's very strange that their live chat said that they open accounts for crypto companies.

 

[blizz]

documents? Also it's very strange that their live chat said that they open accounts for crypto companies.

Yesterday I had a a chat with a guy who told me he had the new Samsung 85" Qled TV on stock and they will come and deliver it to my house today if I placed the order.

Today they called me only to tell that I can't get the TV because it's out of stock!

What I will tell you with this that the chat operator not has influence on the compliance department in such operations.

 

[Coin]

Yesterday I had a a chat with a guy who told me he had the new Samsung 85" Qled TV on stock and they will come and deliver it to my house today if I placed the order.

Today they called me only to tell that I can't get the TV because it's out of stock!

What I will tell you with this that the chat operator not has influence on the compliance department in such operations.

No that's not what I meant. Their compliance fee reviewed my application which made them well aware that my company is crypto related but they proceed to ask for my personal and company's documents even though they had no intention to open the account.

 

[sinos]

No that's not what I meant. Their compliance fee reviewed my application which made them well aware that my company is crypto related but they proceed to ask for my personal and company's documents even though they had no intention to open the account.

Right!! this is how its working for majority of the EMIs that suddenly seem to be crypto friendly, will happily take your compliance fee and then deny the application without stating any reasons.

 

[Coin]

Right!! this is how its working for majority of the EMIs that suddenly seem to be crypto friendly, will happily take your compliance fee and then deny the application without stating any reasons.

Were you able to find any EMI that opened account for you? If so could you share the name of that EMI?

 

[sinos]

Were you able to find any EMI that opened account for you? If so could you share the name of that EMI?

Healy consultants referred me to Orounda, but they aren't clear about their fees, have applied lets see.

 

[dirtyharry]

No that's not what I meant. Their compliance fee reviewed my application which made them well aware that my company is crypto related but they proceed to ask

stop, wait do you pay a fee to open an account with them? it is non refundable if account is declined?

 

[GlobalConsult]

They also offer IBAN from Malta. Does anyone know which EMI is the issuer of the MT IBANs?

 

[blizz]

Their compliance fee reviewed my application which made them well aware that my company i

how much is this fee?

I'm sure they make more money from boarding customers then declining them and get a small fee.

 

[Coin]

how much is this fee?

I'm sure they make more money from boarding customers then declining them and get a small fee.

I'm not sure if they would like their fee listed here as they do not show it anywhere on their website but it's not in hundreds.

They don't take any fees for declining but you seem to be a little confused about what I said. I never complained about fees. I said that they reviewed my application which provided them all information about my company - they knew that they would not open account for my company but they still proceed to ask for my company's and personal documents for some strange reason just to tell me that they won't open account without a given reason.

 

[Flibustier]

I'm not sure if they would like their fee listed here as they do not show it anywhere on their website but it's not in hundreds.

They don't take any fees for declining but you seem to be a little confused about what I said. I never complained about fees. I said that they reviewed my application which provided them all information about my company - they knew that they would not open account for my company but they still proceed to ask for my company's and personal documents for some strange reason just to tell me that they won't open account without a given reason.

The devil is in the details.
Perhaps they saw something in your documents they did not like. Again 99% banks and EMIs do exactly that. This is a mega frustrating process.

 

[doshman]

Helllo everyone,

I would like to share my experience with xace.io who is advertiser here on this forum.

I'm running cryptocurrency trading company incorporated in Europe.

To start the account opening process you have to fill out their form on website. In their form they asked about pretty much everything - type of business, country of incorporation, monthly amount of transactions and so on so they perfectly knew everything about your company from their from.

Within one day I received email from them saying "Thank you for submitting an application with Xace. Based on the information you have provided we can begin the compliance process required to open an account." In this email they also asked me to provide all kinds of company documents plus my ID card.

Great right? Well not really. To my surprise once I provided everything they asked for I received email saying:

"
Thank you again for your application and for providing the documents. Unfortunately we are unable to accept your application at this time.

Additionally, we are unable to give any further information with regards to this decision.

Best Wishes,

The Xace Team"

That just seems really sketchy to me. They knew everything about my company and my documents did not provide any new information to them. So why would they ask for my documents in the first place if they already knew that they would reject my application? Are they just collecting personal information for some really strange unauthorized purpose?

If you have any experience with xace please don't hesitate to share it. Overall they are responsive and respond pretty fast. Their pricing is okay but not the cheapest with hefty account opening fee but I would be more than happy to pay it. In my honest opinion I would not recommend using xace as their business practices seem really questionable to me.

They did the same to me recently.

 

[JohnnyDoe]

I suggest that you send them a formal GDPR request as described here Art. 15 GDPR – Right of access by the data subject - General Data Protection Regulation (GDPR) so that you know how your data is used. And take it on from there if you want to harass them.

 

[JohnnyDoe]

XACE=clowns

“Thank you for your interest and inquiry to Xace. Regrettably, we are unable to proceed with your application at this time.

At this current time, we would not be able to provide more information with regards to the rejection reason.

We wish you all the best.”

 

[avalanche]

No that's not what I meant. Their compliance fee reviewed my application which made them well aware that my company is crypto related but they proceed to ask for my personal and company's documents even though they had no intention to open the account.

The whole EMI industry is built around violating privacy as much as possible thanks to regulators, so for employees there is nothing special in getting your ID even if they know that you'll be rejected. Asking you for ID is probably part of their routine just to fill up their CRM and they followed it without being flexible and adaptable to the situation.

In short, they simply dont care about your documents as much as you do

 

[JohnnyDoe]

Here is my answer to XACE. Please everyone use it with the monkeys when they steal your data.

Pursuant to the General Data Protection Regulation (GDPR), I am exercising my rights under Articles 15, 16, 17, 18, 20, and 21 to request comprehensive information on the handling of my personal data, as well as to request access, rectification, restriction, data portability, and erasure where applicable. Additionally, I would like to exercise my right to object to certain data processing activities. My specific requests are outlined below:



1. Confirmation of Data Processing (Article 15): Please confirm whether you process any personal data related to me.

2. Access to Personal Data (Article 15): Provide a complete copy of all personal data held about me in an accessible format, including metadata, processing activities, and sources.

3. Purpose of Processing (Article 15): Describe in detail the purposes for which my personal data is or has been processed.

4. Categories of Personal Data (Article 15): List the categories of personal data processed by your organization concerning me.

5. Data Acquisition Source (Article 15): Explain how my personal data was acquired, including specific sources, whether collected directly or obtained from third parties.

6. Data Storage and Security Measures (Article 15): Provide details on where and how my data is stored and outline the security measures in place to protect it.

7. Data Retention Periods (Article 15): Specify the length of time for which my data will be retained, or if no specific retention period exists, the criteria used to determine this period.

8. Recipients of Data Transfers (Article 15): List all third parties, including processors, controllers, and any international organizations, to whom my data has been disclosed or transferred, as well as the reasons for such transfers.

9. Responsible Parties for Data Handling (Article 15): Identify the individual(s) or department(s) responsible for managing and processing my personal data, along with their contact information.

10. Data Portability (Article 20): Provide a machine-readable, commonly used format of my personal data, enabling me to transfer it to another service provider.

11. Rectification of Inaccurate Data (Article 16): Rectify any inaccuracies in my personal data or complete any incomplete data you may hold.

12. Restriction of Processing (Article 18): Restrict the processing of my personal data until you can verify its accuracy, the lawfulness of its processing, or respond to my objection to processing.

13. Objection to Processing (Article 21): I hereby object to any processing of my data for direct marketing purposes, as well as any profiling related to such marketing, or any automated decision-making practices.

14. Withdrawal of Consent (Article 7): Where data processing is based on consent, please treat this letter as my formal withdrawal of consent for any processing activities.

15. Data Erasure (Right to be Forgotten, Article 17): Erase all personal data held about me, as it is no longer necessary for the purposes for which it was collected, lacks a valid legal basis, or if consent was the sole basis and has now been withdrawn.

16. Notification of Actions Taken (Article 19): Confirm in writing that you have informed any third parties to whom my personal data has been disclosed about the rectification, restriction, or erasure of data as requested above.

17. Explanations for Retention or Processing (if applicable): If you believe there are legal grounds to retain or continue processing any data after this request, provide a clear explanation and the specific legal basis relied upon.



In compliance with Article 12(3) of the GDPR, please respond to this request without undue delay and in any case within one month of receipt. Should you require additional time, inform me within this initial period, including the reason for any extension.



Please be advised that failure to comply with these requests will leave me no choice but to file a formal complaint with the relevant Data Protection Authority under Article 77 of the GDPR. In addition, I reserve the right to pursue legal action under Article 79, which grants me the right to seek judicial remedy if I believe my rights have been violated, and Article 82, which entitles me to compensation for any material or non-material damage resulting from non-compliance.



I expect prompt and full compliance with this request. Please confirm receipt of this letter and provide a timeline for when I may expect a full response. If any part of this request cannot be fulfilled, I request a detailed legal justification for the inability to comply.



Thank you for your attention to these requests.

 

[ilke]

Here is my answer to XACE. Please everyone use it with the monkeys when they steal your data.

Pursuant to the General Data Protection Regulation (GDPR), I am exercising my rights under Articles 15, 16, 17, 18, 20, and 21 to request comprehensive information on the handling of my personal data, as well as to request access, rectification, restriction, data portability, and erasure where applicable. Additionally, I would like to exercise my right to object to certain data processing activities. My specific requests are outlined below:



1. Confirmation of Data Processing (Article 15): Please confirm whether you process any personal data related to me.

2. Access to Personal Data (Article 15): Provide a complete copy of all personal data held about me in an accessible format, including metadata, processing activities, and sources.

3. Purpose of Processing (Article 15): Describe in detail the purposes for which my personal data is or has been processed.

4. Categories of Personal Data (Article 15): List the categories of personal data processed by your organization concerning me.

5. Data Acquisition Source (Article 15): Explain how my personal data was acquired, including specific sources, whether collected directly or obtained from third parties.

6. Data Storage and Security Measures (Article 15): Provide details on where and how my data is stored and outline the security measures in place to protect it.

7. Data Retention Periods (Article 15): Specify the length of time for which my data will be retained, or if no specific retention period exists, the criteria used to determine this period.

8. Recipients of Data Transfers (Article 15): List all third parties, including processors, controllers, and any international organizations, to whom my data has been disclosed or transferred, as well as the reasons for such transfers.

9. Responsible Parties for Data Handling (Article 15): Identify the individual(s) or department(s) responsible for managing and processing my personal data, along with their contact information.

10. Data Portability (Article 20): Provide a machine-readable, commonly used format of my personal data, enabling me to transfer it to another service provider.

11. Rectification of Inaccurate Data (Article 16): Rectify any inaccuracies in my personal data or complete any incomplete data you may hold.

12. Restriction of Processing (Article 18): Restrict the processing of my personal data until you can verify its accuracy, the lawfulness of its processing, or respond to my objection to processing.

13. Objection to Processing (Article 21): I hereby object to any processing of my data for direct marketing purposes, as well as any profiling related to such marketing, or any automated decision-making practices.

14. Withdrawal of Consent (Article 7): Where data processing is based on consent, please treat this letter as my formal withdrawal of consent for any processing activities.

15. Data Erasure (Right to be Forgotten, Article 17): Erase all personal data held about me, as it is no longer necessary for the purposes for which it was collected, lacks a valid legal basis, or if consent was the sole basis and has now been withdrawn.

16. Notification of Actions Taken (Article 19): Confirm in writing that you have informed any third parties to whom my personal data has been disclosed about the rectification, restriction, or erasure of data as requested above.

17. Explanations for Retention or Processing (if applicable): If you believe there are legal grounds to retain or continue processing any data after this request, provide a clear explanation and the specific legal basis relied upon.



In compliance with Article 12(3) of the GDPR, please respond to this request without undue delay and in any case within one month of receipt. Should you require additional time, inform me within this initial period, including the reason for any extension.



Please be advised that failure to comply with these requests will leave me no choice but to file a formal complaint with the relevant Data Protection Authority under Article 77 of the GDPR. In addition, I reserve the right to pursue legal action under Article 79, which grants me the right to seek judicial remedy if I believe my rights have been violated, and Article 82, which entitles me to compensation for any material or non-material damage resulting from non-compliance.



I expect prompt and full compliance with this request. Please confirm receipt of this letter and provide a timeline for when I may expect a full response. If any part of this request cannot be fulfilled, I request a detailed legal justification for the inability to comply.



Thank you for your attention to these requests.

Your point 15 request (based on Article 17) is not legally possible for the EMI to follow. If we take AMLD5 or AMLD6 (to be fair, practically any of the AML laws from the past, we even saw the same discussion with MFSL in 2014), the GDPR right to erasure, also known as the "right to be forgotten," does not apply to this data as it must be retained for compliance with AML and counter-terrorism financing laws. EMIs (and practically any other NBFIs) must keep customer data, like the identification information, transaction records (does not apply here), and risk assessments, for a minimum of five years after the business relationship ends (in this case your rejection even though you did not necessarily become an active client). To reiterate, the required retention period (typically five years under EU AML laws) applies to all data collected for AML compliance and does not change, whether the relationship is actually established or terminated during the process of its establishment.

The exact same applies to your point 12 referring to Article 18 of the GDPR law and point 13 referring to Article 21 of the GDPR law. Point 12 because the restriction of processing cannot be applied to AML-related data (which the institution is legally obligated to maintain and process for compliance purposes). The EMI can continue processing regardless of a restriction request, provided it is necessary to meet regulatory requirement (it is unlikely for it to continue processing it anyway, though). Point 13 because the right to object does not apply if data processing is necessary for compliance with a legal obligation.

Your goal and premise is cool and all, but you can't really choose what the EMI does with your info (at least not to this extent).