Privacy Policy
We are committed to protecting your personal information. This Policy explains what data we collect, how we use it, and the rights you have over your information.
Data Controller
The data controller responsible for your personal data is GemHoldings Ltd., incorporated in England and Wales (Registration No. 0298461), with registered address at 123 Financial District, London, EC2A 1NT, United Kingdom.
We are registered with the Information Commissioner's Office (ICO) and authorised and regulated by the Financial Conduct Authority (FCA) (Ref. 298461).
Data We Collect
We collect the following categories of personal data:
- Identity Data: Full name, date of birth, nationality, government-issued ID documents.
- Contact Data: Email address, phone number, residential address.
- Financial Data: Bank account details, payment card information (processed via PCI-DSS compliant providers), transaction history.
- Technical Data: IP address, browser type, device identifiers, operating system, time zone, and how you use the Platform (pages visited, clicks, session duration).
- Profile Data: Username, account preferences, trading history, subscription choices, and feedback.
- Marketing Data: Preferences for receiving marketing communications from us and third parties.
- KYC/AML Data: Identity verification documents as required by applicable law.
How We Use Your Data
We use your personal data for the following purposes:
- To register and manage your account on the Platform.
- To process transactions, deposits, withdrawals, and copy-trading subscriptions.
- To perform identity verification (KYC) and anti-money-laundering (AML) checks as required by regulation.
- To send transactional notifications (trade executions, deposit confirmations, security alerts).
- To prevent fraud and unauthorised access, and to ensure platform security.
- To comply with our legal and regulatory obligations.
- To improve the Platform through analytics and anonymised usage data.
- To send marketing communications, where you have given consent or we have a legitimate interest.
Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
- Contract performance: Processing necessary to provide the Platform services you have requested.
- Legal obligation: Processing required for AML, KYC, regulatory reporting, and tax obligations.
- Legitimate interests: Fraud prevention, security monitoring, and improving our services, where our interests are not overridden by your rights.
- Consent: For marketing emails and non-essential cookies, which you may withdraw at any time.
Data Sharing
We do not sell your personal data. We may share it with:
- Identity verification providers for KYC and AML compliance.
- Payment processors and banks to facilitate deposits and withdrawals.
- Cloud infrastructure providers who host and operate the Platform.
- Analytics and monitoring tools used to improve service quality (data is pseudonymised where possible).
- Regulatory and law enforcement authorities when required by law, court order, or to prevent fraud.
All third-party service providers are subject to contractual data processing agreements that require them to maintain data security to the same standard we apply.
Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, and reporting requirements:
- Account data: Retained for the duration of your account plus 7 years following closure.
- Transaction and financial records: 7 years from the date of transaction (FCA requirement).
- KYC/AML documents: 5 years from the end of the business relationship.
- Technical/log data: 90 days for security monitoring purposes.
Security
We implement industry-standard security measures to protect your personal data from unauthorised access, loss, alteration, or disclosure, including:
- 256-bit TLS/SSL encryption for all data in transit.
- AES-256 encryption for sensitive data at rest.
- Multi-factor authentication (MFA) for all staff with data access.
- Penetration testing and vulnerability assessments conducted annually.
- ISO 27001-aligned information security management practices.
Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your data where there is no compelling reason for continued processing.
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Receive your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
- Rights related to automated decision-making: Not to be subject to decisions made solely by automated means that have a significant effect on you.
To exercise any right, email our Data Protection Officer at compliance@gemholdings.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Cookies
We use cookies and similar tracking technologies to provide and improve our services. Please refer to our Cookies Policy for a full breakdown of cookies used, their purpose, and how to manage your preferences.
International Data Transfers
Where we transfer personal data outside the UK or European Economic Area (EEA), we ensure that adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the ICO, or we transfer to countries with an adequacy decision.
Children's Privacy
The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that data promptly.
Contact & Data Protection Officer
Email: compliance@gemholdings.com
Phone: +1 (800) 000-0000