Privacy Policy

Privacy Policy
Data Protection & Compliance

Privacy Policy

1. Information We Collect

We collect Personal Data in connection with the operation of the Services, the provision of information, client onboarding, contractual engagement, custody and settlement arrangements, compliance procedures, and ongoing client relationship management. The categories of Personal Data collected depend on the nature of the interaction, the services requested, and applicable legal and regulatory requirements.

1.1 Information You Provide Voluntarily

We may collect Personal Data that you voluntarily provide to us when you interact with the Services, submit inquiries, request information, initiate onboarding, enter into contractual arrangements, or communicate with us by any means. Such information may include, where applicable:

  • Contact and identification information, such as full name, business or residential address, email address, telephone number, professional title, and affiliation.
  • Corporate and organizational information, including company name, registration details, jurisdiction of incorporation, business activities, ownership structure, and authorized representatives.
  • Identity verification and due diligence data, including copies of identification documents, proof of address, corporate formation documents, shareholder and director information, and authorization documentation.
  • Beneficial ownership and control information, including details relating to ultimate beneficial owners, directors, officers, and signatories.
  • Compliance declarations and representations, including sanctions status, politically exposed person (PEP) declarations, source of funds and source of wealth disclosures, and other confirmations required for AML/KYC and regulatory compliance.
  • Transaction- and service-related information, including custody instructions, settlement preferences, allocation requests, reporting preferences, and related communications.
  • Correspondence and communications, including emails, messages, call records (where applicable and permitted), and any other information you choose to provide in the course of interacting with us.

The provision of certain Personal Data may be mandatory in order to comply with legal obligations, enter into or perform contractual arrangements, or provide specific services. Failure to provide required information may result in the inability to proceed with onboarding or service provision.

1.2 Information Collected Automatically

When you access or use the Services, we may automatically collect certain technical and usage-related information through standard technologies and systems. Such information may include:

  • Technical identifiers, such as IP address, browser type and version, device type, operating system, language settings, and referring URLs.
  • Usage and interaction data, including pages accessed, timestamps, navigation paths, session duration, and interaction events.
  • Log and security data, including access logs, authentication events, error logs, and other records generated for operational integrity, security monitoring, audit trails, and fraud prevention.
  • Cookies and similar technologies, which may collect information relating to preferences, session management, analytics, and website functionality, as further described in Section 6 (Cookies and Tracking Technologies).

This information is collected to ensure the secure and effective operation of the Services, maintain system integrity, support analytics and performance optimization, and comply with security and compliance requirements.

1.3 Information from Third Parties

We may obtain Personal Data from third parties in connection with the provision of the Services, compliance obligations, and the operation of our business. Such information may include, where applicable:

  • Identity verification, AML/KYC, and sanctions screening providers, including results of identity checks, risk assessments, sanctions and PEP screening, and ongoing monitoring outputs.
  • Public and commercial registries and databases, including corporate registries, regulatory filings, and publicly available information relevant to due diligence and compliance.
  • Financial crime, risk intelligence, and compliance databases, used for screening, verification, and monitoring purposes.
  • Professional advisers and service providers, including legal, accounting, audit, compliance, and consulting professionals acting on our behalf.
  • Technology and infrastructure providers, including hosting, email, security, analytics, and customer relationship management systems, to the extent such providers process data on our instructions.
  • Business partners and counterparties, where relevant to the execution, verification, or administration of transactions or services.

Personal Data obtained from third parties may be combined with information collected directly from you or automatically through the Services, and may be subject to verification and cross-checking, in accordance with applicable laws and compliance requirements.

2. How We Use Personal Information

We process Personal Data for specified, explicit, and legitimate purposes related to the operation of the Services, the provision and administration of custody and related services, compliance with applicable legal and regulatory obligations, and the protection of our legitimate business interests. Personal Data is processed only to the extent necessary for such purposes and in accordance with applicable data protection laws.

Personal Data may be used for the following purposes:

2.1 Provision of Services and Contractual Performance

To assess requests, communicate with prospective clients, onboard clients, enter into and perform contractual arrangements, and administer custody, settlement, reporting, and related services, including:

  • evaluating inquiries and proposals;
  • establishing and managing client relationships;
  • executing documented off-market physical gold transactions, including same-day (T+0) or near-real-time settlement and allocation where applicable;
  • maintaining ownership, allocation, and custody records;
  • delivering reports, statements, and service communications.

To comply with applicable laws, regulations, and regulatory guidance, including obligations relating to:

  • anti-money laundering (AML) and counter-terrorist financing (CTF);
  • know-your-customer (KYC) and ongoing due diligence;
  • sanctions screening, politically exposed person (PEP) checks, and risk monitoring;
  • recordkeeping, audit, reporting, and cooperation with competent authorities where lawfully required.

2.3 Risk Management, Security, and Fraud Prevention

To protect the integrity of the Services and our operations, including:

  • preventing, detecting, and investigating fraud, misuse, and unauthorized activities;
  • maintaining security controls, access management, and audit trails;
  • monitoring and assessing operational, compliance, and counterparty risks;
  • ensuring business continuity and incident response.

2.4 Reporting, Analytics, and Service Improvement

To operate, analyze, and improve the Services, including:

  • generating internal analytics, performance metrics, and usage insights;
  • monitoring system performance and reliability;
  • improving functionality, usability, and service quality;
  • developing and enhancing operational processes and controls.

Where possible, analytics are conducted on aggregated or de-identified data; however, certain analytics and monitoring activities may involve Personal Data as necessary for operational or security purposes.

2.5 Communications and Relationship Management

To communicate with users and clients regarding:

  • responses to inquiries and requests;
  • contractual, operational, and service-related updates;
  • compliance notices, policy changes, and administrative information.

Marketing or promotional communications, where applicable, are conducted in accordance with applicable laws and subject to consent or opt-out mechanisms where required.

To establish, exercise, or defend legal claims, resolve disputes, enforce contractual rights, and comply with lawful requests from courts, regulators, law enforcement agencies, or other competent authorities.

We process Personal Data only where a valid legal basis exists under applicable data protection laws. Depending on the nature of the Personal Data and the specific processing activity, one or more of the following legal bases may apply.

3.1 Performance of a Contract and Pre-Contractual Measures

We process Personal Data where such processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract. This includes processing necessary to:

  • assess and respond to inquiries, proposals, and service requests;
  • conduct onboarding and establish client relationships;
  • enter into, administer, and perform custody, settlement, reporting, and related contractual arrangements;
  • execute documented off-market physical gold transactions, including settlement, allocation, and ownership confirmation;
  • manage client accounts, instructions, and ongoing service delivery.

Where Personal Data is required for these purposes, failure to provide such data may result in our inability to enter into or perform the relevant contractual arrangements.

We process Personal Data where such processing is necessary to comply with legal obligations to which we are subject. This includes, without limitation, processing required for:

  • anti-money laundering (AML) and counter-terrorist financing (CTF) compliance;
  • know-your-customer (KYC), customer due diligence, and ongoing monitoring;
  • sanctions screening, politically exposed person (PEP) checks, and financial crime prevention;
  • statutory recordkeeping, audit, reporting, and regulatory cooperation obligations;
  • compliance with lawful requests, orders, or inquiries from courts, regulators, supervisory authorities, or law enforcement agencies.

Where processing is based on legal obligations, certain data subject rights (such as erasure or objection) may be restricted or limited to the extent permitted by applicable law.

3.3 Legitimate Interests

We process Personal Data where such processing is necessary for the purposes of our legitimate interests, provided that such interests are not overridden by the fundamental rights and freedoms of the data subject. Our legitimate interests include, in particular:

  • operating, maintaining, and securing the Services and underlying systems;
  • preventing fraud, abuse, and unauthorized access;
  • managing operational, compliance, and counterparty risks;
  • conducting internal analytics, audits, and quality control;
  • improving and developing services, processes, and controls;
  • ensuring business continuity and organizational resilience;
  • establishing, exercising, or defending legal claims.

Where processing is based on legitimate interests, we assess the necessity and proportionality of the processing and implement appropriate safeguards to protect the interests and rights of data subjects.

We process Personal Data on the basis of consent where required by applicable law, including in relation to certain cookies, tracking technologies, or marketing communications. Where processing is based on consent:

  • consent is obtained through clear affirmative action where required;
  • consent may be withdrawn at any time, without affecting the lawfulness of processing carried out prior to withdrawal;
  • withdrawal of consent may limit access to certain features or communications but will not affect processing required for contractual performance or legal compliance.

3.5 Vital Interests and Public Interest (Where Applicable)

In limited circumstances, we may process Personal Data where such processing is necessary to protect the vital interests of a data subject or another natural person, or where processing is carried out in the public interest, including in connection with the prevention, detection, or investigation of financial crime, where permitted or required by law.

3.6 Multi-Jurisdictional Application

The legal bases described in this Section apply in accordance with applicable data protection regimes and local laws. Where local laws impose additional or different requirements, we process Personal Data in compliance with those requirements to the extent applicable to the relevant processing activity or data subject.

4. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, to perform contractual obligations, to comply with applicable legal and regulatory requirements, and to protect our legitimate interests, including the establishment, exercise, or defence of legal claims. Retention periods are determined by reference to the nature of the data, the purpose of processing, and applicable statutory, regulatory, and contractual obligations.

Where Personal Data is no longer required for the purposes described in this Policy, and no legal or regulatory obligation requires continued retention, such data is securely deleted, anonymized, or otherwise rendered inaccessible in accordance with applicable laws and internal data retention policies.

4.1 Retention by Category of Data

Without limitation, the following general retention principles apply:

(a) Website and Inquiry Data

Personal Data submitted through website forms, inquiries, or general communications by prospective clients or visitors is retained for a limited period necessary to respond to the request, manage follow-up communications, and maintain internal records, unless a client relationship is established or legal obligations require longer retention.

(b) Client and Contractual Data

Personal Data relating to clients, authorized representatives, and contractual counterparties is retained for the duration of the contractual relationship and for an additional period thereafter as required for:

  • contractual enforcement and dispute resolution;
  • accounting, audit, and recordkeeping obligations;
  • regulatory and compliance requirements.

(c) Identity Verification, KYC, and AML Data

Personal Data collected for identity verification, AML/KYC, sanctions screening, and ongoing due diligence purposes is retained for the period required under applicable AML, financial crime prevention, and recordkeeping laws and regulations, which may extend beyond the termination of the client relationship. Such retention is necessary to comply with legal obligations and to support audits, investigations, and regulatory inquiries.

Requests for deletion or restriction of such data may be limited or refused to the extent that retention is required by law.

(d) Transaction, Custody, and Allocation Records

Personal Data and records relating to transactions, custody arrangements, settlement, allocation, and ownership confirmation are retained for as long as necessary to:

  • evidence ownership and custody status;
  • support reporting and audit requirements;
  • comply with legal, regulatory, and contractual obligations;
  • establish or defend legal rights and claims.

(e) Communications and Support Records

Correspondence, support requests, and related communications may be retained for a reasonable period to ensure service quality, resolve issues, maintain audit trails, and address legal or compliance matters.

(f) Technical, Security, and Log Data

Technical logs, access records, and security-related data are retained for periods necessary to ensure system integrity, security monitoring, incident investigation, and auditability, subject to applicable legal requirements and operational needs.

4.2 Criteria for Determining Retention Periods

In determining appropriate retention periods, we take into account:

  • applicable legal and regulatory requirements, including AML/KYC and financial recordkeeping laws;
  • contractual obligations and limitation periods for legal claims;
  • the nature, sensitivity, and volume of the Personal Data;
  • the purposes for which the data was collected and processed;
  • operational, audit, and risk management requirements.

Retention periods may be extended where necessary to comply with legal obligations, regulatory guidance, or pending or anticipated legal proceedings.

4.3 Secure Disposal and Anonymization

Upon expiry of the applicable retention period, and where continued retention is not required by law, Personal Data is securely deleted, anonymized, or otherwise disposed of using appropriate technical and organizational measures designed to prevent unauthorized access, disclosure, or recovery.

5. Data Sharing and Transfers

We disclose and transfer Personal Data only where necessary for the purposes described in this Policy, in accordance with applicable laws, and subject to appropriate safeguards. Data sharing is limited to what is proportionate and relevant, and access is granted on a need-to-know basis.

5.1 Categories of Recipients

Personal Data may be shared with the following categories of recipients, where applicable:

(a) Custody and Vaulting Partners

Approved institutional custody providers, vault operators, and sub-custodians engaged under formal custody or sub-custody arrangements, to the extent necessary to facilitate physical storage, custody operations, allocation, verification, and related reporting.

(b) Compliance, AML/KYC, and Risk Service Providers

Third-party providers supporting identity verification, AML/KYC processes, sanctions and PEP screening, financial crime prevention, ongoing monitoring, and risk assessment.

(c) Professional Advisers

Legal, accounting, audit, compliance, and consulting professionals acting on our behalf and subject to applicable professional confidentiality obligations.

(d) Technology and Infrastructure Providers

Service providers supplying hosting, data storage, security, analytics, communication, customer relationship management, and other operational systems, who process Personal Data solely on our instructions and under appropriate contractual safeguards.

(e) Business Partners and Counterparties

Where relevant to the execution, settlement, administration, or verification of transactions or services, including counterparties involved in off-market physical transactions.

(f) Authorities and Regulators

Courts, regulators, supervisory authorities, law enforcement agencies, or other public authorities, where disclosure is required or permitted by law, regulation, or valid legal process.

5.2 Purpose Limitation and Access Controls

Recipients are authorized to process Personal Data only for specified purposes consistent with this Policy and applicable agreements. We implement technical and organizational measures to ensure that:

  • access is restricted to authorized personnel;
  • data is used only for the intended purposes;
  • confidentiality and integrity are maintained throughout processing.

5.3 International Data Transfers

Due to the international nature of our operations and service providers, Personal Data may be transferred to, stored in, or accessed from jurisdictions outside the country of the data subject’s residence, including jurisdictions with different data protection regimes.

Such transfers may occur, for example, in connection with:

  • cross-border custody and vaulting arrangements;
  • AML/KYC and sanctions screening conducted by international providers;
  • hosting and infrastructure services operating in multiple jurisdictions;
  • professional advisory and compliance support functions.

5.4 Safeguards for Cross-Border Transfers

Where Personal Data is transferred internationally, we implement appropriate safeguards to ensure an adequate level of data protection, which may include, as applicable:

  • contractual protections, including data processing agreements and standard contractual clauses or equivalent mechanisms;
  • technical and organizational security measures designed to protect confidentiality, integrity, and availability;
  • access limitations and role-based controls;
  • assessment of transfer risks and implementation of supplementary measures where required by law.

5.5 No Sale of Personal Data

We do not sell Personal Data to third parties. Personal Data is shared only as described in this Policy and for legitimate business, contractual, compliance, and legal purposes.

5.6 Corporate Transactions

In the event of a merger, reorganization, acquisition, asset sale, or similar corporate transaction, Personal Data may be disclosed or transferred as part of such transaction, subject to confidentiality obligations and applicable data protection requirements.

5.7 Ongoing Oversight

We maintain oversight of third-party recipients through contractual, organizational, and technical measures, and we review data sharing arrangements periodically to ensure continued compliance with applicable laws and this Policy.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate, secure, and improve the Services, and to understand how users interact with our websites. This Section explains what cookies are, how we use them, and the choices available to users.

Cookies are small text files placed on a user’s device when a website is accessed. Similar technologies may include pixels, web beacons, local storage, and server-side logging mechanisms.

6.1 Types of Cookies and Technologies Used

We may use the following categories of cookies and tracking technologies, depending on user interaction and system configuration:

(a) Strictly Necessary Cookies

These cookies are essential for the operation of the Services and enable core functionality, including:

  • website navigation and page rendering;
  • form submission and session management;
  • security features, access controls, and fraud prevention;
  • load balancing and system stability.

Strictly necessary cookies are generally set automatically and cannot be disabled through our systems, as the Services would not function properly without them.

(b) Functional Cookies

Functional cookies allow the Services to remember user preferences and choices, such as language settings or form inputs, in order to provide a more consistent and efficient user experience.

(c) Analytics and Performance Cookies

Analytics and performance technologies may be used to collect information about how users access and use the Services, including:

  • pages visited and interaction patterns;
  • session duration and navigation flows;
  • aggregated usage statistics.

Such information is used to analyze performance, diagnose technical issues, and improve the functionality and usability of the Services. Where required by applicable law, analytics cookies are used only with user consent.

(d) Security and Anti-Abuse Technologies

We may use security-related technologies, including server-side logging, web application firewalls, and automated threat detection mechanisms, to:

  • protect the Services against unauthorized access, abuse, and malicious activity;
  • monitor system integrity and performance;
  • maintain audit trails and incident response capabilities.

These technologies may collect technical identifiers and interaction metadata as part of normal security operations.

The legal basis for the use of cookies and tracking technologies depends on the category of cookie and applicable law:

  • strictly necessary cookies are used on the basis of our legitimate interests in operating and securing the Services;
  • functional and analytics cookies are used based on consent where required by applicable law, or on legitimate interests where consent is not required;
  • security-related technologies are used on the basis of legitimate interests and legal obligations to protect systems and prevent fraud.

Users may manage or disable cookies through their browser settings. Most browsers allow users to:

  • view stored cookies;
  • delete existing cookies;
  • block cookies entirely or on a site-by-site basis.

Please note that disabling certain cookies may affect the availability or functionality of the Services.

Where required by applicable law, we provide mechanisms for users to provide, refuse, or withdraw consent for non-essential cookies. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

6.4 Third-Party Cookies and Embedded Content

The Services may include content, features, or integrations provided by third parties, such as embedded media or external services. Such third parties may set their own cookies or tracking technologies in accordance with their respective privacy policies.

We do not control the operation of third-party cookies and encourage users to review the privacy policies of relevant third-party providers.

6.5 Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. As there is no universally accepted standard for responding to such signals, the Services do not currently respond to DNT browser settings.

6.6 Changes to Cookies and Technologies

The cookies and tracking technologies used by the Services may change from time to time as systems, features, and legal requirements evolve. This Policy will be updated as appropriate to reflect material changes.

7. Data Security

We implement appropriate technical and organizational measures designed to protect Personal Data against unauthorized or unlawful processing, accidental loss, destruction, alteration, or disclosure. These measures are proportionate to the nature, scope, context, and purposes of processing, and to the risks presented to the rights and freedoms of data subjects.

7.1 Technical and Organizational Measures

Our security framework includes a combination of administrative, technical, and physical safeguards, which may include, where appropriate:

  • access controls and authentication mechanisms designed to restrict access to Personal Data to authorized personnel only;
  • role-based access and least-privilege principles;
  • encryption or equivalent protective measures for data in transit and, where appropriate, at rest;
  • secure system architecture, network segmentation, and monitoring controls;
  • logging, audit trails, and security event monitoring;
  • procedures for vulnerability management, patching, and system maintenance.

Security measures are periodically reviewed and updated to address evolving risks, technological developments, and regulatory expectations.

7.2 Organizational Controls and Confidentiality

We maintain internal policies and procedures governing the handling of Personal Data, including:

  • confidentiality obligations applicable to employees, contractors, and authorized representatives;
  • training and awareness programs relating to data protection and information security;
  • incident response and escalation procedures;
  • internal oversight and accountability mechanisms.

Access to Personal Data is limited to individuals who require such access for legitimate business, contractual, compliance, or legal purposes.

7.3 Third-Party Security

Where Personal Data is processed by third-party service providers on our behalf, we require such providers to implement appropriate security measures consistent with applicable legal requirements and industry standards. We assess and monitor third-party security practices through contractual protections and, where appropriate, due diligence and oversight.

7.4 Data Breach Management

We maintain procedures designed to identify, assess, and respond to personal data breaches. In the event of a breach involving Personal Data, we will:

  • take appropriate steps to contain and mitigate the incident;
  • assess the nature and scope of the breach and associated risks;
  • notify affected individuals and competent authorities where required by applicable law;
  • document and review the incident to prevent recurrence.

7.5 Limitations

While we take reasonable steps to protect Personal Data, no system or transmission method can be guaranteed to be completely secure. Users acknowledge that the transmission of information over the internet involves inherent risks.

8. Your Rights

Data subjects may have certain rights in relation to their Personal Data under applicable data protection laws. The availability and scope of these rights depend on the jurisdiction, the nature of the processing, and the applicable legal basis. Where required by law, we facilitate the exercise of applicable rights, subject to lawful limitations and exemptions.

8.1 Rights under GDPR, UK GDPR, and Comparable Regimes

Where the General Data Protection Regulation (GDPR), UK GDPR, or comparable data protection regimes apply, data subjects may have the following rights, subject to applicable conditions and limitations:

  • Right of access
    The right to obtain confirmation as to whether Personal Data is being processed and, where applicable, access to such data and related information.
  • Right to rectification
    The right to request correction of inaccurate or incomplete Personal Data.
  • Right to erasure (“right to be forgotten”)
    The right to request deletion of Personal Data where processing is no longer necessary or otherwise unlawful, subject to legal and regulatory retention obligations.
  • Right to restriction of processing
    The right to request limitation of processing in certain circumstances, such as where the accuracy of data is contested or processing is unlawful.
  • Right to data portability
    The right to receive certain Personal Data in a structured, commonly used, and machine-readable format, and to transmit such data to another controller, where applicable.
  • Right to object
    The right to object to processing based on legitimate interests, subject to compelling legitimate grounds or legal obligations requiring continued processing.
  • Right to withdraw consent
    Where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
  • Right to lodge a complaint
    The right to lodge a complaint with a competent supervisory authority in the data subject’s jurisdiction.

8.2 Limitations and Exemptions

The exercise of the rights described above may be limited or restricted where processing is necessary to:

  • comply with legal and regulatory obligations, including AML/KYC, sanctions screening, financial crime prevention, and recordkeeping requirements;
  • perform or enforce contractual obligations;
  • establish, exercise, or defend legal claims;
  • protect the rights and freedoms of others;
  • maintain security, auditability, and integrity of systems and records.

In particular, requests for erasure, restriction, or objection may be refused or limited where retention or processing of Personal Data is required by law or necessary for compliance, audit, or legal purposes.

8.3 Verification of Requests

To protect Personal Data and prevent unauthorized access, we may require verification of identity before responding to a rights request. Where a request is made by an authorized representative, we may require proof of authority.

8.4 Response Timeframes

We endeavor to respond to valid rights requests within the timeframes required by applicable law. Where permitted, response periods may be extended in accordance with legal requirements, taking into account the complexity and number of requests.

8.5 Other Jurisdictions

Where data protection laws outside GDPR or UK GDPR apply, data subjects may have similar or additional rights under local laws. We address such requests in accordance with applicable legal requirements in the relevant jurisdiction.

8.6 Exercising Your Rights

Requests to exercise data protection rights should be submitted using the contact details provided in Section 12 (Contact Information). Requests should specify the nature of the request and include sufficient information to enable us to verify identity and locate the relevant Personal Data.

The Services may contain links to third-party websites, platforms, or resources that are not operated or controlled by us. Such links are provided for convenience or informational purposes only.

We do not control, endorse, or assume responsibility for the content, privacy practices, data processing activities, security measures, or terms of use of any third-party websites or services. Access to and use of third-party websites is at the user’s own risk and subject to the applicable terms, conditions, and privacy policies of such third parties.

Any Personal Data provided by users to third-party websites or services is collected and processed by those third parties in accordance with their own privacy policies and practices. We are not responsible for the protection, handling, or use of Personal Data by third parties, and this Policy does not apply to any third-party websites or services.

We encourage users to review the privacy policies and terms of use of any third-party websites they choose to access through links provided on the Services.

10. Children’s Privacy

The Services are not directed to, and are not intended for use by, individuals under the age of eighteen (18) or such other age as may be defined as a minor under applicable law. We do not knowingly collect, use, or process Personal Data relating to children.

If we become aware that Personal Data of a child has been collected or processed without appropriate legal basis or parental or guardian consent where required by law, we will take reasonable steps to delete such information or otherwise address the matter in accordance with applicable legal requirements.

Where applicable laws require parental or guardian consent for the processing of Personal Data relating to a minor, and such consent has not been obtained, we reserve the right to suspend or terminate access to the Services and to refrain from providing services involving such data.

Parents or legal guardians who believe that a child has provided Personal Data through the Services may contact us using the details set out in Section 12 (Contact Information) to request appropriate action, subject to applicable legal and verification requirements.

11. Updates to This Policy

We may update or amend this Privacy Policy from time to time to reflect changes in our services, business practices, legal or regulatory requirements, or technological developments.

Where changes are material, we will take reasonable steps to inform users of such changes, which may include posting a notice on the Services, updating the “Last updated” date of this Policy, or providing other appropriate notifications where required by applicable law.

Continued use of the Services after an updated version of this Policy has been made available constitutes acknowledgment of the updated Policy, to the extent permitted by applicable law. Where required, we will obtain consent for changes that materially affect the processing of Personal Data.

We encourage users to review this Policy periodically to remain informed about how Personal Data is processed and protected.

12. Contact Information

For questions, requests, or concerns relating to this Privacy Policy or the processing of Personal Data, including the exercise of data protection rights, users may contact the data controller using the details set out below.

Data Controller:
Golden Ark General Trading (FZC) LLC
Operating under the trade name Golden Ark Reserve

Registered Jurisdiction:
Sultanate of Oman

Registered Address:
Office 327, Block 3900, P.O. Box 123
Sohar Free Zone, Sohar 322
Sultanate of Oman

Email (Privacy and Data Protection):
privacy@goldenarkreserve.com
(or, where applicable, info@goldenarkreserve.com)

Telephone:
+968 9222 6118

Requests relating to Personal Data should clearly specify the nature of the request (e.g., access, rectification, restriction, objection, or other inquiry) and include sufficient information to enable identity verification and location of the relevant data. Where requests are submitted by an authorized representative, appropriate proof of authority may be required.

We will respond to privacy-related inquiries and requests in accordance with applicable data protection laws and within the timeframes prescribed by such laws. Where permitted, response periods may be extended to account for the complexity or volume of requests.

Request gold custody proposal

Global custody and settlement services. Secure vault in Hong Kong, insured and independently audited.
goldenarkreserve.com (Request Form)