Last updated: 1 January 2025 · Effective: 1 January 2025
Your data is protected under GDPR and applicable data protection laws
1. Overview
GXG Trading ("GXG", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website, trading platform, or any related services (collectively, the "Services").
By accessing our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Services immediately.
GXG operates under full regulatory oversight and complies with applicable data protection legislation, including the General Data Protection Regulation (GDPR) where applicable, as well as the data protection laws of the United Arab Emirates and the United Kingdom.
We will never sell your personal data to third parties for marketing purposes. Your information is used solely to provide, improve, and protect our Services.
2. Data We Collect
We collect personal data that you provide directly, data generated through your use of our Services, and data from third-party sources. The categories of data we collect include:
Identity Data: Full name, date of birth, nationality, government-issued identification documents (passport, national ID).
Contact Data: Email address, telephone number, mailing address, country of residence.
Financial Data: Bank account details, payment card information, transaction history, account balances, and trading activity.
Technical Data: IP address, browser type and version, device identifiers, operating system, referral sources, and session logs.
Usage Data: Pages visited, features used, time and duration of visits, click-stream data, and platform interactions.
Verification Data: Documents submitted for KYC (Know Your Customer) and AML (Anti-Money Laundering) compliance purposes.
Communications Data: Records of correspondence with our support team, including emails, live chat transcripts, and call recordings.
We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately.
3. How We Use Your Data
We use your personal data only for legitimate purposes and where we have a legal basis to do so. Our purposes include:
Account Management: To create, maintain, and manage your trading account, verify your identity, and process transactions.
Regulatory Compliance: To fulfil our legal obligations under applicable financial regulations, including KYC, AML, and tax reporting requirements.
Service Provision: To provide you with access to our trading platform, execute trades, process deposits and withdrawals, and deliver customer support.
Communication: To send you service-related notifications, account alerts, market updates (if subscribed), and responses to your enquiries.
Security & Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorised access, and other illegal activities.
Platform Improvement: To analyse usage patterns, conduct research, and improve the functionality and user experience of our Services.
Legal Claims: To establish, exercise, or defend legal claims where necessary.
4. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We may share your data with the following categories of recipients, strictly on a need-to-know basis:
Regulatory Authorities: We are required by law to share data with financial regulators, tax authorities, and law enforcement agencies upon lawful request.
Payment Processors: Trusted third-party payment service providers process transactions on our behalf and are bound by strict data protection obligations.
Technology Partners: Cloud infrastructure providers, cybersecurity firms, and platform technology vendors who assist in delivering our Services.
Professional Advisors: Lawyers, auditors, and consultants engaged in the course of our business operations, subject to confidentiality obligations.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, with prior notice given to you.
All third-party service providers are contractually obligated to process your data only in accordance with our instructions and applicable law.
5. Data Security
We implement robust technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:
256-bit SSL Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols.
Multi-Factor Authentication: MFA is available on all accounts and strongly recommended to prevent unauthorised access.
Access Controls: Strict role-based access controls ensure only authorised personnel can access personal data, limited to what is necessary for their role.
Regular Security Audits: We conduct periodic penetration testing, vulnerability assessments, and third-party security audits of our infrastructure.
Data Minimisation: We only collect and retain the minimum amount of personal data necessary to fulfil the stated purpose.
Despite these measures, no transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any breach that may affect your rights.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Right of Access: You may request a copy of the personal data we hold about you at any time.
Right to Rectification: You may request correction of any inaccurate or incomplete personal data.
Right to Erasure: You may request deletion of your personal data where we no longer have a legal basis for processing it.
Right to Restriction: You may request that we restrict processing of your personal data in certain circumstances.
Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting prior processing.
To exercise any of these rights, please contact our Data Protection Officer at dpo@gxgprofx.com. We will respond within 30 days.
7. Cookies & Tracking
We use cookies and similar tracking technologies to enhance your experience, analyse traffic, and for security purposes. The types of cookies we use include:
Essential Cookies: Required for the operation of our platform. These cannot be disabled without affecting core functionality.
Analytics Cookies: Help us understand how users interact with our Services so we can improve performance and user experience.
Preference Cookies: Remember your settings and preferences, such as language and display options, between sessions.
Security Cookies: Used to authenticate users, prevent fraudulent use of accounts, and protect user data.
You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our Services. For more information, please refer to our full Cookie Policy.
8. Contact & Complaints
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal data, please contact us:
If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.
We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated effective date. Continued use of our Services after any changes constitutes your acceptance of the revised policy.