Privacy Policy

1. Introduction

At GOLDBROKER LTD we take the confidentiality of your Personal data seriously and are committed to ensuring privacy for Internet users and users of our services.

This Privacy policy (“Policy”) sets out details about the way we process Personal data that we collect from you when you use our website. It explains what information we may collect about you, as well as how we use, share, disclose or otherwise process that Personal data in a secure manner.

Our website includes social media buttons and links to third-party websites. Clicking on those links or buttons may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Policy of every website you visit.

2. Your acceptance of the privacy policy

By using this website, you signify your full acceptance to the Policy. If you do not agree with any term in this Policy, please do not use this website.

We may update this Policy from time to time, please do check our webpage regularly.

In any case, the Policy is easily accessible at the bottom of every page of our website.

3. Our undertaking

Since the Brexit and the European Commission adequacy decision, UK data protection legal framework consists of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Data Protection Privacy and Electronic Communications 2020. The processing of your Personal data is subject to the rules laid down by these regulations.

Under this legal framework, GOLDBROKER LTD is the Data controller for any processing of Personal data done by the mean of our website. We undertake to comply with all obligations applicable to Data controllers.

4. What personal data we collect?

“Personal data” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

“Special category data” – as per UK GDPR rules, Article 9(1) includes in the list of special categories of data defines as “biometric data for the purpose of uniquely identifying a natural person”.

When you contact us by phone, mail or any other mean, you share with use information that allow us to identify you.

Personal data and Special category data we collect are, for example:

• Contact forms: name, first name, email address and telephone number.
• User account creation form: name, first name, date of birth, place of birth, telephone number, postal and e-mail addresses, bank details, supporting documents (ID, proof of address and bank account identification).
• Identification data: telephone number.
• Newsletter form: e-mail address.
• Connection data: 3G, 4G, Wifi, operating system version, browser type, timestamp, IP address, type of tool used (smartphone, tablet, computer)
• Civil status data: by filming the official identity document, the software Service Provider* collects high quality images of the official identity document, from which it extracts the following data: type of document, nationality, registration number of the document, name, first name, gender, date of birth, city of birth, signature, expiration date, issue date, face.
• Face videos: by filming the User's face, the software Service Provider* takes dozens of high-quality photos of their face, without the environment around them.

• Biometric data: the software Service Provider* calculates fingerprints of the User's face from the videos of the identity document and the face provided by the latter within the Solution in order to be able to compare the fingerprints of this User with each other.

*By the Service Provider – NJFVision – Ubble – DOTFILE

5. What is the legal basis for the processing of your personal data?

The legal bases for the processing of your Personal data are:

• Where you submit a form online: the consent.
• Where you place an order and accept our Terms and Conditions: the performance of a contract.
• Where we answer to your questions/complains, process data for preventing and fighting against fraud, store data to detect security incidents in a preventive manner: our legitimate interest.
• Where the processing is necessary for compliance with a legal obligation to which we are subject, with a demand from a supervisory authority or a court, or with your request to exercise your rights of Data subject.

Data subjects: designate natural persons subject to the processing of Personal Data within the meaning of the General Data Protection Regulations in the context of the use of the Final Product by the Customer and more broadly the Users.

Artificial intelligence service: designates the remote Identity Verification Service provided by the Service Provider* adapted to the User/ Individual to which the latter has access via the Ubble Solution (NJFVision).

Our Service Provider* of artificial intelligence algorithms that make it possible to:

• Check certain security points of the User’s identity.
• Guide the User throughout their video capture process.
• Prepare the analysis by our fraud experts of the data collected.
• A review of the data collected by fraud experts which ensures a high level of reliability on the validity or otherwise of the User's identity.

For this purpose all new User’s/Individuals will be required to pass KYC procedures approaching it via link provided by Ubble Solution (NJFVision) and taking part in voluntary (as mentioned above) remote Identity Verification Services.

6. Purposes for which we will use your personal data / special category data 

We use your Personal data for the following purposes:

• To manage contact requests (e.g., respond to your inquiries).
• To manage customers.
• To send newsletters.
• To improve the quality of our services (e.g., measuring website traffic) (see section 11 below).
• To ensure the security of Personal Data (e.g., to prevent digital identity theft).
• To identify User/Individual only for fraud prevention purposes.
• To extract unique data points and create a unique mathematical representation to verify the User’s/Individual identity and prevent criminal activity against GOLDBROKER LTD account holder.
• To resolve any problem or dispute in connection with the use of our services.

7. Who we share your personal data with?

GOLDBROKER LTD acknowledges and accepts terms of the transfer and processing operations of Personal Data entrusted by the User/Individual between GOLDBROKER LTD and Service Providers (Ubble Solution – NJFVision – DotFile – DocuSign – Cabrella shipping insurance intelligence) during their contractual relationship.

GOLDBROKER LTD, together with its authorised service providers, implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing of personal data.

These measures are designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

In accordance with Article 32 of the UK GDPR, these measures are regularly reviewed and updated, taking into account the state of the art, implementation costs, and the nature, scope, context and purposes of processing, as well as the risks to individuals’ rights and freedoms.

Your Personal data may also be disclosed to a third party if required by a legal obligation, a court order, or an investigation or if needed during legal proceedings, on national territory or elsewhere that may require international transfer.

8. Protection against automated abuse (Google reCAPTCHA)

We use the reCAPTCHA service provided by Google LLC to protect our website from automated abuse, fraud, and malicious activity.

reCAPTCHA analyses interactions on our website to determine whether a user is a human or an automated system (including Bot detention). This analysis may involve the processing of personal data such as:

• IP address.
• Browser and device information.
• User interaction data (e.g. mouse movements, clicks, and time spent on the page).

Google acts as a data processor on our behalf and processes this data solely in accordance with our instructions.

The use of reCAPTCHA is based on our legitimate interest (Article 6(1)(f) UK GDPR) in protecting our website, preventing fraud, and ensuring the security of our services.

The data collected may be transferred to and processed in countries outside the United Kingdom, including European Union and the United States. In such cases, appropriate safeguards are implemented, including standard contractual clauses in accordance with applicable data protection laws.

Further information can be found in Google’s Cloud Data Processing Addendum.

9. How long do we store your personal data?

We store your data in accordance with data retention durations set by the legislation. Hence, we will only retain your Personal data for as long as necessary. When we don’t need your data anymore, we proceed to their destruction or anonymization.

More precisely, we will store your data:

a) Contact request: 3 years from the date of the last contact.

b) Personal data and special category data: within 1 year of the User’s/Individual last interaction with GOLDBROKER LTD.

c) Customer relationship: for the duration of the business relationship, plus 3 years.

d) Newsletter: 

• 3 years from the date of the last contact.
• You can opt out at any time. 

e) Information security: digital tracks: up to 12 months.

f) Request regarding your data protection rights: from one (1) to six (6) years, depending on the subject matter.

g) Dispute: six (6) years (civil liability limitation period).

10. How we ensure the security of your data

We have put in place technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed (e.g., password encryption; firewall, BDD ports closed to the outside, SSH password less login (key); SSL encryption (HTTPS); login: password + two factor authentication; encryption of backups on FTP server (accessible by password and only from the production server)).

To achieve this, we ask our staff members and IT providers to comply with strict information and security rules (e.g., duty of confidentiality, physical security measures). 

Finally, we inform you that your Personal data are stored on servers located in the UK, a country that guarantees an adequate level of protection which corresponds to the standards applicable within the EU.

11. Your data protection rights

List of your rights

As internet user or user of our services, you have the following rights:

• The right to access your Personal data (e.g., to review your Personal data we store and obtain a copy).
• The right to rectification of your Personal data (e.g., to update your data if incomplete or not correct).
• The right to object at any time to collection, processing of all our part your Personal data, (e.g., to object to processing of your Personal data for commercial prospection or solicitation purposes, including profiling to the extent it is linked to the commercial prospection). This right allows you to modify your notification preferences at any time.
• The right to restrict processing of your Personal data (e.g., in some cases defined by the law, and you challenge the processing of some data, you can request that we restrict the processing of those data for the duration of the dispute process).
• The right to data portability (e.g., you have the right to ask that we transfer the Personal data you gave us to a third party provider, or give it to you);
• The right to erasure (e.g., you can request that we erase permanently your file).
• The right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How to exercise your rights

You can effectively exercise your rights by contacting us:

• By e-mail: gdpr@goldbroker.com
• By postal mail: GOLDBROKER LTD, GDPR Point of contact, 25 Eccleston Place, SW1W9NF London, United Kingdom.
• In case of doubt on your identity and as permitted by legislation, GOLDBROKER LTD can ask you to provide a proof of identity.

You request will be processed in a short time (1 month to a maximum period of 3 months, depending on the case).

Furthermore, you have the right to complain to the responsible supervisory authority (Information Commissioner’s Office – ICO) and/or to seek remedy before competent courts if you think that your rights have been denied.

12. Cookies placed on your device by our website

GOLDBROKER LTD uses cookies and similar technologies to ensure the proper functioning, security and performance of its website, as well as to improve user experience.

a) What is a cookie?

A cookie is a small text file placed on user’s device browser when you visit a website. Cookies are broadly used by websites. They ensure smooth navigation or improve it. They also provide website owners with information such as the number of visitors of their website. You are notified of the existence of these cookies at your first visit on the website thanks to a banner at the bottom of our home page.

b) What kind of cookies do we use?

Some cookies may be placed by third party companies, e.g., our business partners. These providers process data on our behalf under contractual arrangements. Please note that we do not have control over the use of these cookies.

Strictly necessary cookies

These cookies are essential for the operation of the website and cannot be disabled in our systems. They are used, for example to:

• Enable secure login and account management.
• Ensure website security and fraud prevention.
• Maintain session integrity.

Security and anti-abuse technologies

We use security tools such as Google reCAPTCHA to protect our website against automated abuse.

These technologies may process:

• IP address.
• Browser and device information.
• User interactions.

Google LLC acts as a data processor on our behalf.

Functional cookies that help us measuring visits on our website

These cookies allow us to establish website audience statistics and measurements, to analyse our website performance and improve it (e.g., to know the number of visitors, language preference and what pages are more frequently visited). GOLDBROKER LTD can measure audience of its website by using the tools offered by:

• Google Analytics

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Company’s Privacy notice

• Google Conversion Linker

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Company’s Privacy notice

• Clicky

Roxr Software Ltd – 10883 SE Main St #201 – Milwaukie, Oregon, 97222, USA
Company’s Privacy notice

Social media networks cookies

Our website uses social media plug-ins and buttons that allow to share pages and content of our website on social media networks. For example, you can “like” and share information from our website with your friends on social networks. To this end, plug-ins use cookies to track navigation of internet users whether they have an account on the social network/are logged-in to it or not.

• AddToAny

4520 Irving Street Suite 2 San Francisco, CA 94122, USA
Company’s Privacy notice

• Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland
Company’s Privacy notice

• Twitter

1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Company’s Privacy notice

• Linkedin

1000 W Maude Ave, Sunnyvale, CA 94085, USA
Company’s Privacy notice

Advertising cookies

These cookies allow to provide internet users with targeted advertising content based on their areas of interest. These cookies are placed by third party services.

• Google AdWords

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Company’s Privacy notice

• Criteo

32, rue Blanche, 75009 Paris, FRANCE​
Company’s Privacy notice

c) How long cookies are stored?

Data retention duration cannot exceed thirteen (13) months. However, information collected by audience measurement cookies can be stored twenty-five (25) months.

d) Can you accept or refuse those cookies?

You can set up your preferences regarding cookies:

• From the cookie banner displayed during your first visit on the website.
• On our cookie manager site, that you can access by clicking on the section “Set up cookie preferences” located on the bottom left of your screen.
• From your web browser.

You can have the possibility to set up, at any moment, preferences such as:

• To accept all cookies, or
• To refuse all cookies, or 
• To refuse only certain type of cookies, or
• To be informed when a cookie is placed.

We remind you that setting up your cookie preferences can impact your access to our services and contents where the use of cookies is necessary. If your browser is set to refuse all cookies, you won’t have access to some of our services. To manage your cookie preferences accordingly with your expectations, we invite you to consider the purposes of cookies when you set up your browser.

Instructions on how to set up your browser can be found on the website of your browser. To access these pages, you can follow the indications just below: 

• Internet Explorer: click the Tools button, then click Internet Options. On the General tab, under Browsing History, click Settings. Click the View Files button.
• Firefox: go to the Browser Tools tab and select the Options menu. In the window that appears, choose Privacy, and click Show cookies.
• Safari: choose Edit menu > Preferences. Click on Security and then on Show Cookies.
• Google Chrome: click on the Tools menu icon. Select Options. Click on the Advanced Options tab and navigate to the Privacy section.