This Privacy Policy governs how the Gocommex platform (hereinafter “Gocommex”, “we”, “us”, “our”) collects, uses, processes, stores, and discloses information obtained from users of our website for the purpose of providing you with the services available on our Website (hereinafter “Services”).
This Privacy Policy incorporates the provisions of the EU General Data Protection Regulation (GDPR), the EU ePrivacy Directive, the Data Protection Act, and aligns with other applicable mandatory laws and regulations, as we operate in compliance with data protection rules within the European Economic Area (EEA).
We respect the privacy of all Website users and ensure that users’ Personal Data is processed securely and in accordance with applicable laws and regulations.
This Privacy Policy applies to the Website, Services, and products offered by Gocommex (whenever you use the Services via the Website or mobile application or communicate with us—for example, via email or by completing a messaging form on the Website).
We consider that you have read this document carefully and agreed to its terms.
By using the Website, Services, and products offered by Gocommex or communicating with us, you express your consent to this Privacy Policy. By checking the consent box when creating an Account on the Platform, you give your explicit consent to this Privacy Policy and all methods of processing Personal Data described herein and in the User Agreement, including the processing, storage, and use of your Personal Data.
If you do not agree with this Privacy Policy, you should refrain from using our Website, mobile application, and/or our Services or creating an Account. This Privacy Policy is an integral part of our User Agreement.
The EU General Data Protection Regulation (“GDPR”) is an EU legal act on privacy and personal data protection. It aims to specify privacy safeguards in organizational systems, detailed personal data protection agreements, and more transparent and detailed disclosures to consumers about how companies ensure privacy and protect personal data.
This Regulation applies to the processing of Personal Data wholly or partly by automated means, as well as to the processing of Personal Data otherwise than by automated means which form part of a filing system or are intended to form part of a filing system. Generally, GDPR requirements apply to all companies, institutions, and organizations processing Personal Data.
GDPR defines how organizations may process the Personal Data of natural persons. The terms “Personal Data” and “Processing” are commonly used in legislation, and understanding their specific meaning under the GDPR sheds light on the true scope of this law:
Personal Data means any information relating to an identified or identifiable individual. This is a very broad concept, as it includes any information that can be used alone or in combination with other data to identify a person. Personal Data is not just a person’s name or email address; it may also include financial information or, in some cases, an IP address. Furthermore, certain categories of Personal Data receive a higher level of protection due to their sensitive nature and are therefore subject to stricter processing restrictions. These special categories include data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sexual life or sexual orientation, and criminal convictions or offenses (including alleged offenses).
Processing of Personal Data is the core activity that gives rise to obligations under the GDPR. Processing means any operation or set of operations performed on Personal Data or on a set of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. In practice, any procedure involving the storage or use of Personal Data is considered processing.
GDPR is relevant to any international company, not just those based in the EU. Under GDPR, organizations can fall within its scope if (i) the organization is established in the EU or (ii) the organization is not established in the EU but the data processing activities relate to individuals in the EU and are connected with offering them goods or services or monitoring market trends.
We will collect, store, and use your Personal Data for the purposes set out in this Privacy Policy.
We have identified the types of Personal Data about you that we may use, as well as how and why we will use it.
1. Personal data that our customers provide us for registration include:
your contact details, including your name, address, email address, and telephone number;
your identification details, including date of birth, gender, and residential address.
2. Personal data under the “Know Your Customer” (KYC) procedure that we obtain from you, third parties, and/or public sources include:
passport or other government-issued identity document (including document number and expiry date);
documents evidencing the source of your funds;
results of screening under the “Know Your Customer” (KYC) or Politically Exposed Person (PEP) procedures, including information collected by our providers;
other personal data if provided during KYC/compliance/verification procedures (including any additional procedures), etc.
3. Personal data you provide as part of your Gocommex Account, including:
your password;
your account and marketing preferences.
4. Personal data related to your use of our Services, including:
your exchange orders, instructions;
your transactions using your account(s), including your account(s) at third-party banks or financial institutions, payment card details, amount sent, sender or recipient details, and the date/time of the transfer you make or receive;
information about the digital device you use to access our Services, such as device type, operating system, screen resolution, unique device identifiers, mobile network provider;
IP address;
login dates/times and requests;
personal data in your correspondence with us via email, phone, messaging, SMS, online chats, social media, or otherwise;
whether you clicked links in messages from us, including the URL of our website;
personal data you provide in response to our surveys.
5. Personal data that we collect from third parties to register you as a client or provide you with Services include:
personal data related to payments to or from your account(s), provided by payment processors, banks, card schemes, and other financial service providers;
personal data from credit reference agencies or fraud prevention agencies.
6. Personal data that we collect when you use our website (whether or not you are registered to use our Services), including:
device information, such as operating system, unique device identifiers, mobile network provider;
hardware and browser settings;
visit date and time;
pages you visit, duration of visits, your interactions with the page (e.g., scrolling, clicks, and mouse movements), referral methods, and search terms used;
IP address.
7. Personal data that we collect from individuals representing organizations (our corporate clients and suppliers), including:
names, roles, and contact information of individuals working at those organizations;
other personal data about such individuals;
any personal data contained in correspondence with those individuals.
We collect and process all types of Personal Data to provide you with our Services, ensure the proper functioning of our Services, and identify your identity and secure our Services, namely:
We may use the Personal Data you provide for registration to:
process your registration application;
onboard you as a client;
provide our products and Services;
manage and administer our Services, including your Account on our platform;
communicate with you about your Account and our services, including informing you about our products and services;
send personalized service and product offers.
We may use your Personal Data obtained through the Know Your Customer (KYC) process to:
conduct periodic checks and fulfill our regulatory obligations;
help ensure the authenticity of our users and prevent and detect fraud, money laundering, and other crimes (e.g., terrorism financing and data theft).
We may use the Personal Data you provide as part of your Account to:
manage and administer your Account;
communicate with you regarding your Account and our Services.
We may use Personal Data related to your use of our Services to:
manage our Services and systems;
verify your location and ensure you are using the device registered in our records to prevent fraud;
develop and improve our Services based on analysis of this information, user behavior, and technical capabilities;
enhance our Services to better match the behavior and technical capabilities of our users;
address any questions or issues;
monitor customer communications for quality assurance and self-training.
We may use Personal Data that we collect from third parties to register you as our client or provide you with Services to:
manage our Services and systems;
help us prevent and detect fraud.
We may use Personal Data that we collect when you use our website (whether or not you are registered to use our Services) to:
develop new Services based on the information collected, user behavior, and technical capabilities;
identify issues with the Website, including security and user experience;
track how our Website is used (including locations from which it is accessed, devices used, understanding peak usage times, and analyzing which features and information are most and least used), how customers come to us (e.g., via links on other websites or advertising banners), and how our Website is used by different user groups;
conduct statistical analysis and research to better understand our customer base, their use of our Services, and what attracts them to our Services.
We may use Personal Data that we collect from individuals representing organizations, such as our corporate clients and suppliers, to:
provide Services and products;
build B2B relationships and partnerships with other organizations;
send marketing communications to those individuals;
enhance our Services and develop new Services based on their preferences and behavior;
obtain Services for our business.
Data Subject Rights
You have certain rights regarding your Personal Data, including the following:
Right to be informed – you have the right to information about the collection and use of your Personal Data, including who collected and processed the data; the purposes of processing; data retention periods; recipients of your Personal Data; etc.;
Right of access – you have the right to obtain confirmation from us whether your Personal Data is being processed, the purposes of processing, categories of data collected, recipients to whom the data has been or will be disclosed; etc.;
Right to rectification – you have the right to request correction of inaccurate Personal Data about you, and to have incomplete data completed;
Right to erasure (‘right to be forgotten’) – you have the right to request deletion of your Personal Data if it is no longer necessary for the purposes for which it was collected or processed, or if there is no legal basis for processing;
Right to restriction of processing – you have the right to request that we restrict further processing of your Personal Data so that it can only be processed with your explicit consent;
Right to data portability – you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transfer those data to another controller, where technically feasible;
Right to object – you have the right at any time to object to our processing of your Personal Data for reasons related to your particular situation, or where there is no legitimate basis for processing that overrides your interests, rights, and freedoms;
Right to withdraw consent – you may withdraw your consent to our processing of your Personal Data at any time and request that we cease accessing, storing, using, or otherwise processing your Personal Data if you believe we lack a proper basis;
Right not to be discriminated against – we will not treat you less favorably for exercising any of your data subject rights.
Please note that if you have given your explicit consent to marketing communications, you can withdraw it at any time. You may also unsubscribe from our marketing messages.
Please be aware that from time to time we may need to contact you regarding operational issues or to meet performance requirements under our agreement with you. This will not be marketing communication, and we will rely on our legitimate interests to contact you for these purposes.
We need to collect certain types of Personal Data to comply with legal obligations concerning our anti-fraud and anti–money laundering/Know Your Customer (KYC) requirements. If this Personal Data is not provided, we will not be able to provide our Services to you.
Your Personal Data may also be processed if required by a legitimate request from law enforcement or regulatory bodies, or in connection with the defense of legal claims. We will not delete Personal Data if it is relevant to any investigation or dispute. It will be retained until these matters are fully resolved.
We do not collect or store any information about children under 18 years of age. Minors and children should not use our Website or our Services. By using our Website and Services, you confirm that you have the legal capacity to enter into a binding agreement.
We do not process any sensitive personal information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person’s sex life or sexual orientation.
We employ various physical, technical, and administrative security measures to ensure the confidentiality of your Personal Data and protect it against loss, theft, unauthorized access, misuse, alteration, or destruction, as well as other unlawful third-party actions.
We have implemented security measures such as encryption in transit and at rest, data storage diversification, strict physical access controls to facilities and files, anonymization techniques, data and asset segmentation, and limited physical access by a minimal number of individuals using multi-user access tools under strict confidentiality obligations.
Please note that we periodically review and update our information security policies and measures.
We do not sell, trade, or rent our Users’ Personal Data to third parties. In exceptional cases, where required by policies of third-party financial institutions for user identification and to deliver our Services, certain User Personal Data (e.g., your contact and/or identification details) may be shared with those financial institutions.
Users understand and agree that we may disclose their Personal Data to third parties performing Know Your Customer (KYC) screening and fraud database checks. Such third parties have been vetted by us and guarantee compliance with data protection laws and this Privacy Policy.
We retain your Personal Data only for as long as necessary to fulfill the purposes set out in this Privacy Policy, except where a longer retention period is required or permitted by law.
To comply with our legal or regulatory obligations and global industry standards, you consent to our retaining such information for the duration of your Account and for five (5) years after its closure.
We store your Personal Data in a de-identified, diversified, or aggregated form so as not to personally identify you.
We may retain your Personal Data longer than required by law if it aligns with our legitimate business interests and is not prohibited by law.
We may disclose certain Personal Data to our business partners who provide services such as cloud services/servers, insurance, analytics, research, or directly assist us in delivering our Services. We share only the minimal Personal Data necessary for providing the required service.
Personal Data will be disclosed solely for the purpose of delivering Services to our Users and improving service quality and related communications. Such information will not be provided to third parties for their own marketing purposes.
We may disclose your Personal Data as required by law, court order, litigation procedures, or public or governmental requests within or outside your country of residence. We may also disclose your Personal Data if we deem it necessary or appropriate for national security, legal compliance, or other vital public interests.
We may also disclose your Personal Data if we determine that disclosure is necessary to enforce Gocommex’s User Agreement or to protect our operations and our users.
We may transfer and store your Personal Data that we collect in countries other than the country in which the data were originally collected, including countries outside the European Economic Area (EEA), the UK, and Switzerland. In those countries, the same data protection laws may not apply as in the country where you provided the data. When we transfer your Personal Data to other countries, we will protect the data as described in this Privacy Policy and comply with applicable legal requirements providing adequate safeguards for transfers outside the EEA, the UK, and Switzerland.
If you are located in the EEA, the UK, or Switzerland, we will transfer your Personal Data only in the following cases:
the country to which your Personal Data will be transferred has received an adequacy decision from the European Commission; or
we have implemented appropriate safeguards for the transfer of Personal Data, such as entering into EU Standard Contractual Clauses and requiring additional security measures from the recipient, or the recipient is subject to binding corporate rules approved by the EU, UK, or Swiss supervisory authorities.