1. Who is responsible for data protection and how can you contact us?
Gold Matching Network LLC is the data controller for personal data processed through this website, account onboarding flows, and related service systems.
This policy applies to personal data processed when you visit https://www.gmnexchange.com, submit inquiries, open and use an account, and interact with our operations, support, compliance, and risk teams.
If you need clarification about how your personal data is processed, contact our Privacy and Compliance function via the contact details in Section 11.
- Legal name: Gold Matching Network LLC
- Trading name: GMN Gold Markets
- Company No. 4397 LLC 2026
- Regulatory status: Authorised and regulated by the Financial Services Authority (FSA) of Saint Vincent and the Grenadines
2. What personal data do we process?
We process personal data necessary to provide financial services, comply with regulatory requirements, and protect clients, the platform, and the broader financial system from fraud and abuse.
The categories below describe typical data processed by GMN and the primary purposes and legal bases that support each category.
| Data Category | Examples | Lawful Basis | Primary Purpose |
| --- | --- | --- | --- |
| Identity and verification data | Full name, date of birth, nationality, passport/ID, selfie/liveness checks, proof of address | Legal obligation, contract performance, legitimate interests (fraud prevention) | Customer onboarding, KYC/AML, sanctions and PEP checks, account security |
| Contact and profile data | Email address, phone number, residential address, account preferences | Contract performance, legitimate interests, consent (where required) | Account communication, support, service updates, platform settings |
| Financial suitability and source-of-funds data | Employment/occupation details, financial profile, source-of-funds declarations, risk profile | Legal obligation, contract performance | Regulatory suitability assessment, compliance monitoring, anti-financial crime controls |
| Transaction and account activity data | Deposits, withdrawals, order history, balances, device/session-linked trade events | Contract performance, legal obligation, legitimate interests | Trade execution, reconciliation, dispute handling, audit trail integrity |
| Technical and usage data | IP address, browser type, operating system, device identifiers, cookie/session identifiers | Legitimate interests, consent (for non-essential cookies where applicable) | Security hardening, performance monitoring, fraud detection, website optimization |
| Communications and complaint data | Emails, support tickets, complaint correspondence, recorded calls/chats where permitted | Contract performance, legal obligation, legitimate interests | Service support, quality assurance, complaint resolution, regulatory recordkeeping |
3. How do we collect your personal data?
We collect personal data directly from you (for example, during registration, onboarding, support interactions, and payment/account requests), automatically through your use of our website and systems, and from third-party sources used for verification and compliance.
Third-party sources may include identity-verification providers, sanctions and PEP screening providers, payment processors, public registries, analytics providers, and other service providers assisting regulated operations.
- Data you provide directly through forms, applications, and communications
- Data generated through your account and transaction activity
- Data obtained from verification and compliance partners
- Data from publicly available lawful sources where needed for due diligence
4. For what purposes and on what basis do we process data?
We process personal data for account creation and administration, compliance screening, service delivery, transaction handling, fraud prevention, cybersecurity, and legal/regulatory reporting.
Processing is performed on one or more lawful bases: performance of a contract, compliance with legal obligations, legitimate interests, and consent where specifically required.
- Contract performance: onboarding, account operation, transaction support
- Legal obligation: AML/CFT controls, sanctions screening, audit and reporting duties
- Legitimate interests: security monitoring, service resilience, dispute prevention
- Consent (where applicable): specific marketing and optional tracking activities
5. To whom may we disclose personal data?
We may disclose personal data to affiliated entities, external service providers, professional advisers, financial institutions, liquidity/technology partners, auditors, and competent authorities where required or permitted by law.
We require processors and service providers to handle personal data under documented instructions, confidentiality obligations, and appropriate security standards.
- Group entities and operational affiliates
- Payment providers, banks, and settlement partners
- Identity verification, screening, and compliance vendors
- Technology, hosting, analytics, and communication providers
- Regulators, law-enforcement bodies, courts, and competent authorities
6. International transfers
Because our services and supporting vendors operate across multiple jurisdictions, personal data may be transferred internationally.
Where required by applicable law, we apply safeguards such as contractual controls, access restrictions, technical security measures, and transfer governance procedures to protect transferred personal data.
7. Security and confidentiality
We maintain administrative, technical, and organizational controls designed to protect personal data from unauthorized access, loss, misuse, alteration, or unlawful disclosure.
Controls include role-based access, credential protections, monitoring, secure transmission practices, incident response workflows, and periodic review of vendor security posture.
Although we implement robust safeguards, no digital environment is entirely risk-free. You should also protect account credentials and devices used to access our services.
8. How long do we keep personal data?
We retain personal data only for as long as necessary to satisfy contractual, regulatory, legal, accounting, and risk-management obligations.
Retention windows depend on data type and jurisdiction. Where a legal hold, dispute, or investigation is active, retention may be extended until closure of the relevant matter.
| Record Type | Typical Retention | Why Retained |
| --- | --- | --- |
| KYC and customer due-diligence records | Minimum 5 years after account closure | AML, sanctions, and regulatory obligations |
| Transaction, order, and account ledger records | At least 5 years, longer if required | Financial regulation, audits, dispute resolution |
| Complaints and support case files | Up to 5 years from case closure | Regulatory oversight and legal defensibility |
| Security and access logs | Typically 12 to 24 months | Cybersecurity monitoring and incident response |
| Marketing consent/preference records | While consent remains active, plus audit period | Consent evidence and preference management |
| Tax/accounting records | As required by applicable tax/accounting law | Statutory financial reporting compliance |
9. Your privacy rights
Subject to applicable law, you may exercise privacy rights in relation to your personal data. We may need to verify your identity before completing a request.
Certain rights may be limited where processing is required by law, necessary to establish/defend legal claims, or required for financial crime prevention.
- Right of access: Request confirmation of whether we process your personal data and obtain a copy of relevant data.
- Right to rectification: Ask us to correct inaccurate or incomplete personal data where justified.
- Right to erasure: Request deletion of personal data where legal grounds apply and no overriding retention obligation exists.
- Right to restriction: Request temporary restriction of processing in specific scenarios, such as disputed accuracy.
- Right to object: Object to processing based on legitimate interests, including certain direct-marketing use cases.
- Right to data portability: Where applicable, receive certain personal data in a structured, commonly used format.
- Right to withdraw consent: Withdraw consent at any time for processing that relies on consent, without affecting prior lawful processing.
- Right to complain: Lodge a complaint with a competent data-protection or financial supervisory authority.
10. Is providing personal data mandatory?
In many cases, yes. If we cannot collect required identity, verification, or compliance data, we may be unable to open or maintain your account or provide regulated services.
Where data is optional, we will indicate this clearly. Choosing not to provide optional data may affect convenience features but will not necessarily prevent core website access.
11. Contact details and complaints
If you have a privacy question, access request, correction request, or complaint, contact our Privacy and Compliance team first so we can investigate and respond promptly.
If you are dissatisfied with our response, you may escalate your concern to a competent supervisory authority in your jurisdiction.
- Email: info@gmnexchange.com
- Address: Level 4, Griffith Corporate Centre, Beachmont, Kingstown, Saint Vincent and the Grenadines
- Website: https://www.gmnexchange.com
12. Updates to this Privacy Policy
We may update this Privacy Policy to reflect legal, regulatory, operational, or technical changes. The most current version will always be posted on this page.
Material updates become effective from the revised effective date shown at the top of this page.
Data Protection Contact
Gold Matching Network LLC
Level 4, Griffith Corporate Centre, Beachmont, Kingstown, Saint Vincent and the Grenadines
Email: info@gmnexchange.com
Website: https://www.gmnexchange.com